[mattdodge]

Not all PII is inherently "sensitive" though. Meaning not everything that can be used to actually identify you needs to be encrypted and protected. I don't know for sure but I don't think names or addresses qualify as that.

[s73ver_]

I absolutely would say it would, especially where there's a very good chance that the home and work addresses are part of that list, and the idea that someone would use a database like that to spy on an ex and harass and/or assault them is an actual thing that happens.

[zephyrus1985]

various state by state. The above does qualify as PII in california