jecasc - 6:30 pm on Nov 21, 2011 (gmt 0)
The bank account information normally is not a very sensitive or secret information at least compared to credit card information. I have never heard of any special requirements on how that kind of information has to be stored.
My bank account information is out in the open anyway - it is printed on my business letters and invoices so people can pay me. So I have shared my bank account information with thousands of people in the last years.
For what purpose does he need the information? I suppose it's for making payments to the accounts and not for receiveing payments - because the only way to charge another bank-account is direct debit - a popular way of payment in some european countries but not very common in the US as far as I know.
However if you feel uncomfortable about this for some reason you should get legal advice from some expert. I would be very surprised however if there were any special requirements that go beyond normal data protection requirements that is usual for other data, like address information.
- Regular PCI compliance scans, and audits by security professionals
Not even necessarily with credit card information - when your volume of transactions is not very high you fill out a "Self-Assessment Questionnaire".