With the recent hack of TalkTalk, which company admitted they had not encrypted personally identifiable information (PII) of customer records (this is EU based, but should apply everywhere) stated they had no "obligation" to do so.
I have such records encrypted. Just wondering how many do nothing or follow the same practice. I have no doubt we all take precautions, but the encrypt question is vital. So... how do you handle PII?