If I'm honest, I think the question's being tackled from the wrong end. As Steve alluded, it's the (mis)use, potential or real, to which the data is put that is the important factor, not what type of data it is.

As a person, consumer and parent, I'm more concerned about my family's safety than that of my bank account, so I value the security of my childrens' name and address data more than that of my credit card number. However, as a DBA, I know many companies might get twitchier about a credit card number being mistakenly disclosed than someone's address.

I think the important thing, therefore, is to have an accurate picture of which areas of data under your responsibility are most important to keep secure, and the damage that not doing so could cause.