A credit card number is managed/owned/valid within the payment networks. Since they manage it, they get to dictate what means of protection are required in order for you to engage in business on those networks.
Government IDs are usually property of the body which issues them. That means each state can (and IIRC, does) have rules about what you can and cannot use that information for. Therefore you'd have to know the rules for each state or issuing body.
That's not to say that common sense _ought_ to dictate that these things should happen anyway, but who thinks to look up various state government rules on handling a Driver's License?
Yes, but then again it's much simpler. Leak credit card data because you didn't stored it as they want, you'll never touch one again. But if you leak personal user data, nothing (really) bad will happen to you.
A credit card number is managed/owned/valid within the payment networks. Since they manage it, they get to dictate what means of protection are required in order for you to engage in business on those networks.
Government IDs are usually property of the body which issues them. That means each state can (and IIRC, does) have rules about what you can and cannot use that information for. Therefore you'd have to know the rules for each state or issuing body.
That's not to say that common sense _ought_ to dictate that these things should happen anyway, but who thinks to look up various state government rules on handling a Driver's License?