If we store credit card information we need to be PCI compliant. Let’s outsource that then.
All stored personal information needs to be PCI compliant.