
Sensitive EMV data


RogerT
03-29-2009, 11:30 PM
The PCI standards are quite explicit about what is included in the fields that either cannot be stored (subsequent to authorization) or that, if stored, must be encrypted.

Are there any EMV fields that 'should' be treated as somewhat sensitive and so be encrypted and not displayed/listed, etc.?

One field that was suggested is the Authorization Request Cryptogram (ARQC) which could be used in a brute force card attack.

Thanks in advance for any thoughts you may have to share on this matter.

andrewj
03-30-2009, 01:38 AM
Beyond the same data that is on the track (PAN, CVV, and track equivalent data), I see no reason to protect any other EMV data to the same extent as what is required for PCI 'cardholder data'. Certainly, unless there is a serious problem with that particular issuer's implementation, the ARQC should not expose any security problems.
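
The distinction drawn in this reply (track-equivalent data and PAN need PCI-style protection, the ARQC and other chip fields do not) can be enforced at the point where EMV data is logged or stored. The following Python is an added example written for this thread, not code from any of the posters. The tag numbers (5A, 57, 56, 99, 9F1F, 9F20, 9F26, 9F36, 9F27, template 77) are the standard EMV tags; the grouping of those tags into PCI categories and the sample record (built around the well-known test PAN 4111111111111111) are this example's own constructions.

```python
"""Parse an EMV BER-TLV record and redact PCI-sensitive fields before storage.

Added example for the thread above; not from any poster. Categories:
  sensitive-auth : full track / PIN data, must never be stored after authorisation
  cardholder     : PAN, may be stored only in unreadable (here: truncated) form
  other          : chip fields such as the ARQC, ATC and CID, passed through
"""
from __future__ import annotations
from dataclasses import dataclass

# Tag -> name mappings (this example's classification of standard EMV tags).
SENSITIVE_AUTH_TAGS = {
    "57": "Track 2 Equivalent Data",
    "56": "Track 1 Data",
    "9F1F": "Track 1 Discretionary Data",
    "9F20": "Track 2 Discretionary Data",
    "99": "Transaction PIN Data",
}
CARDHOLDER_TAGS = {"5A": "Application PAN"}

# Constructed sample record: template 77 holding ARQC (9F26), PAN (5A),
# Track 2 Equivalent Data (57), ATC (9F36) and CID (9F27).
SAMPLE_RECORD_HEX = (
    "7733"
    "9F26080102030405060708"                        # 9F26: 8-byte ARQC
    "5A084111111111111111"                          # 5A: test PAN
    "57134111111111111111D251210100000000000000"    # 57: track 2 equivalent
    "9F36020042"                                    # 9F36: ATC
    "9F270180"                                      # 9F27: CID (ARQC requested)
)


@dataclass
class Tlv:
    tag: str
    value: bytes
    children: list["Tlv"]


def _read_tag(data: bytes, i: int) -> tuple[str, int]:
    """Read a BER tag: subsequent bytes follow while the high bit is set."""
    start = i
    first = data[i]
    i += 1
    if first & 0x1F == 0x1F:
        while True:
            b = data[i]
            i += 1
            if not b & 0x80:
                break
    return data[start:i].hex().upper(), i


def _read_len(data: bytes, i: int) -> tuple[int, int]:
    """Read a BER length in short form (<0x80) or long form (0x8n + n bytes)."""
    b = data[i]
    i += 1
    if b < 0x80:
        return b, i
    n = b & 0x7F
    return int.from_bytes(data[i:i + n], "big"), i + n


def parse_tlv(data: bytes) -> list[Tlv]:
    """Parse a BER-TLV byte string, recursing into constructed tags (bit 0x20)."""
    items: list[Tlv] = []
    i = 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):   # inter-TLV padding bytes
            i += 1
            continue
        tag, i = _read_tag(data, i)
        length, i = _read_len(data, i)
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError(f"truncated TLV at tag {tag}")
        i += length
        constructed = bool(int(tag[:2], 16) & 0x20)
        items.append(Tlv(tag, value, parse_tlv(value) if constructed else []))
    return items


def classify(tag: str) -> str:
    if tag in SENSITIVE_AUTH_TAGS:
        return "sensitive-auth"
    if tag in CARDHOLDER_TAGS:
        return "cardholder"
    return "other"


def mask_pan(value: bytes) -> str:
    """Truncate a BCD-encoded PAN to first six / last four digits."""
    digits = value.hex().upper().rstrip("F")
    if len(digits) <= 10:
        return "*" * len(digits)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(items: list[Tlv]) -> list[tuple[str, str, str]]:
    """Return (tag, category, storable value) for every primitive TLV."""
    out: list[tuple[str, str, str]] = []
    for t in items:
        if t.children:
            out.extend(redact(t.children))
            continue
        cat = classify(t.tag)
        if cat == "sensitive-auth":
            out.append((t.tag, cat, "<dropped>"))
        elif cat == "cardholder":
            out.append((t.tag, cat, mask_pan(t.value)))
        else:
            out.append((t.tag, cat, t.value.hex().upper()))
    return out


def redact_record(hex_record: str) -> list[tuple[str, str, str]]:
    return redact(parse_tlv(bytes.fromhex(hex_record)))


if __name__ == "__main__":
    for tag, cat, val in redact_record(SAMPLE_RECORD_HEX):
        print(f"{tag:<5} {cat:<15} {val}")
```

Running it on the sample record drops tag 57 entirely, stores the PAN as 411111******1111, and passes the ARQC, ATC and CID through unchanged, which matches the position in the reply above that only track-equivalent data and PAN need PCI-grade handling. In a real pipeline the same classifier would sit in front of transaction logging, with anything in the sensitive-auth set rejected rather than merely masked.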

ADail
03-30-2009, 06:30 AM
One caveat is that if you deal with "one off" cards, be sure their mag stripe conforms to ISO standards. I've seen prepaid products with a PIN embedded in the mag stripe, and all sorts of funky stuff...

It's not under PCI DSS, but you'll definitely have state & federal problems if one of these is breached, because most laws do not care about brand. The same goes for your job applications out at the retail sites, and age verification systems (storing DL information) for alcohol & tobacco sales.