On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.
Still more funny, try to convince a "conventional" finnancial institution you're working with to use something simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....