PGP scripting...

I apologize if this is a bit off-topic, but I'd like to ask a question about practical use of PGP. I am a software developer, and have a client who is making a great attempt at being security conscious (to the extent of hiring a security consultant).

We (my client) have a system that loads orders into an Oracle DB, and processes billing (Java/Solaris based). One of the 'decrees' from my client is that all files that store 'sensitive' data (customer info and the like) shall be PGP encrypted, and *never* be stored on a HDD in un-encrypted form (even while processing said file).

I can understand the desire to archive these files in encrypted forms, and to encrypt these files while transporting out of the system. But I think this idea goes a bit too far as to be more counter-productive than useful. After many days of fighting with 'pgp -f' and modifying processes to use stdin/stdout, I've gotten much of this working.

I would have prefered to use a PGP library (Java code), but was unable to find any within the timeframe.

My question therefore is: is all this worth the trouble? In order to use PGP with scripts (or even Java code), the scripts need access to both the private key and pass phrase (which are stored locally in files). If the system were compromised would any of this help? Is there a better way I could do this than what I am already doing? This is somewhat academic for me at this point, as my client is inflexible on this point and code has been written, but I'd be interested in hearing your opinions on this subject.

Thanks.

-- 
// Andrew MacKenzie  |  
http://www.edespot.com
// "Those are my principles. If you don't like them I have others." 
//      -- Groucho Marx