Not all PII is inherently "sensitive" though. Meaning not everything that can be used to actually identify you needs to be encrypted and protected. I don't know for sure but I don't think names or addresses qualify as that.
I absolutely would say it would, especially where there's a very good chance that the home and work addresses are part of that list, and the idea that someone would use a database like that to spy on an ex and harass and/or assault them is an actual thing that happens.
