- Pricing/Invoicing
- Prerequisites
- Academic Status
- Professor assignment
- Course Reviews / Social Media
All of these viewpoints are close enough to the registration system that there is a bias towards reusing as much existing code as possible.
Companies that store personal information at that level should be required to implement PCI-DSS level security. This includes going through the auditing process.
Here's a quick overview.
https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Q...
You can work to not implement the security standards, and then try to fake your way through the audit. At that point you are not ignorant of proper security, you are actively endangering the users, and your right to hold PII (Personally Identifiable Information) should be revoked.