Remember that the data your company is collecting from your customers should be considered sensitive information. You may be bound by additional regulatory limitations on accessing data such as:
Personally identifiable information (PII): How you handle and safeguard customer's identities http://en.wikipedia.org/wiki/Personally_identifiable_information
Payment Card Industry Data Security Standard (PCI DSS): How you safeguard credit card information http://en.wikipedia.org/wiki/PCI_DSS
Service Organization Control (SOC-2): How you control access to information/systems http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/AICPASOC2Report.aspx
Statements on Standards for Attestation Engagements (SSAE-16): How you manage changes http://www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AT-00801.pdf
Sarbanes Oxley (SOX): http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
This is by no means a definitive list, so be sure to...