This new question makes more sense, though, given your explanation
below I think the first one could be kept and made more concrete...
> Some things that should always be encrypted:
> Social Security Numbers
> Credit card numbers or other financial information
> Retrieve password questions and answers
> <I'm sure there are more, just can't think of any right now>
The "Retrieve password questions and answers" is likely to be found in
some implementation of authentication "module" that comes along with
some web-frameworks (django comes to mind, but I don't know if it
stores such a question).
This needs to be encrypted to prevent stealing everyone account if you
somehow got your hand on the database, right? IMHO, this an example
that should be in the original question as it is not an "obvious" fact
compared to Social Security Number or Credit Card Number...
> Then it gets into more application-specifics. For example, if you have a
> website with medical information for patients you had better use transport
> layer encryption as well as encrypt all patient information in the
> persistence layer.
> Hope this answers your question.
Yes, you clarified many questions I had.