I have been asked to build a web application that will be used to store and manipulate sensitive financial data for a private lending firm. Before I bite off more than I can chew, I am trying to figure out if there is anything I should know about legally hosting and securing this kind of information. I have read much about PCI compliance when working with credit card information, but this data is a bit different. There will be no financial transactions done online, just viewing balances, rates, loans, etc. by customers and manipulating this data by administrators. I'd equate the sensitivity of this data to that of a bank.
So my ultimate question is whether or not there are any laws regarding storing and transmitting this data. Obviously, an SSL certificate is in order, but what about the hosting? Should I get a dedicated private server, or is shared hosting suitable?
Any other input on this situation would be greatly appreciated. Thanks.