I was in a c-store this past weekend canceling a car wash membership plan on my car I maintained over the winter months and found to my surprise that their relatively new monthly car wash membership plan was maintained on paper index cards of which contained all my personal information (name, home address, telephone number, make, model, year of my car, and license plate number) all tied to my credit card data so that they could charge my card the first of each month per the terms of their monthly plan as long as I left it in force. Even worse the paper cards were retrieved by the employee from a box that was just sitting on top of the back office desk where of course any employee or curious customer that happened to be in the back office could view them.
This large c-store operator was clearly aware of security for the most part, using secure POS / back office software to process transactions and run their business. I recognized the binders for the secure software on their back office book shelf, but the customer information for the wash plan was in clear text and NOT AT ALL secure.
It is very important that c-store operators consider all methods of storing customer data when they think about data security within their operations. Consider all sensitive data storage, especially written personal information within your organization, like car wash membership or service records, that may be used less often on a given day, but are far more vulnerable than your electronic systems.