[bwanab]

It might be interesting to point out that in all the examples you give there exist strong regulatory requirements. Are you (we, collectively) saying that regulations and government oversight should be on the table for web sites that provide services requiring a certain level of security?

[deelowe]

The regulatory compliance varies from state to state. For example, ChemE doesn't require a PE in most (all?) states. Typically, regulatory compliance is only required when the work involves some sort of interstate commerce.

With all the leaks and concerns over privacy lately, I think we'll see some sort expansion of the laws covering PII sooner than later. So wether or not I agree with it, I think this will happen.