There should be extra care taken into account when you are dealing with PII(personal identifiable information) in your application. There are multiple laws in countries that demand proper protection by means of SSL/TLS for when the data is in transit and encrypted with pub priv key system when stored on the disk. This is needed to protect the user from identity theft and fraud.
Personally Identifiable Information needs to be stored encrypted at rest and ensure that all communication goes via protected channels like SSL/TLS.