I believe it's healthiest to assume there has been a breach at all times, to make a system so segmented and resilient that even if there is a breach, you can find it, recover quickly and the damage will be minimal. I don't think you should put all your eggs in one basket. I believe the solution to having people submit the same info over and over again is to minimize the amount of information that is necessary from them. For example, here in the United States, we're not supposed to give out our Social Security numbers all the time, according to the government, yet every doctor's office asks for that number. Doctors' offices shouldn't be asking for it.
Minimize, optimize, make it streamlined, but I just don't think putting all of your eggs in one basket is a good idea.