Legality and security standards of sending SSN/Driver’s License via email
I am creating a website in the state of Ohio that users shall enter their last 4 digits of SSN or their Driver's License number. This data is submitted to the web server which generates a PDF containing the aforementioned information in PDF, that will further be emailed to the user.
Are there security standards that govern how this type of sensitive data is handled, especially regarding emails? Also are their potential legal issues arising with this regard?