Which security standards apply to you? Research this carefully. Here are some of the critical ones:
FIPS 140
http://en.wikipedia.org/wiki/FIPS_140-2
This standard comes from the US Government and sets the requirements that cryptographic modules must meet when they are used to encrypt sensitive (federal) information. Administrations like the VA and the SSA are most concerned with this.
HIPAA
http://en.wikipedia.org/wiki/HIPAA
The Health Insurance Portability and Accountability Act is all about medical records. If you’re involved in medical care, you have some onerous HIPAA requirements. If you aren’t, but somehow possess other people’s medical records (as a lawyer might, for instance), most of it does not apply. But beware of (truly massive) civil liability.
SAS 70
http://en.wikipedia.org/wiki/SAS_70
The Statement on Auditing Standards No. 70 is a financial and accounting standard that might concern IT practitioners charged with data preservation and integrity.