True. In our environment we have other layers to deal with network security which covers us for encryption of a data as it's transmitted, and you definitely should do that, but that's not something a DBA would normally be concerned with.
And given that he said that the machine may be standalone, I would suspect that there would be a person at a directly (or nearly-directly) connected terminal, possibly via a web app. If you're going to, for example, email the data to someone, then it also has to be encrypted at that time, but that would need to be re-encrypted with a method the receiver would be able to decrypt anyway.