Companies that store personal information at that level should be required to implement PCI-DSS level security. This includes going through the auditing process.
Here's a quick overview.
https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Q...
You can work to not implement the security standards, and then try to fake your way through the audit. At that point you are not ignorant of proper security, you are actively endangering the users, and your right to hold PII (Personally Identifiable Information) should be revoked.