by goto11 2420 days ago
> can't afford to do it right

The simplest way to comply is to not obtain and store personally identifiable information at all. Luckily this is also the cheapest. So I don't really buy that you "can't afford to do it right".

If you want to obtain and store personally identifiable information, then you have to manage it properly, just like selling food, medicine, financial services etc. need to follow certain regulation.

Note that all the competitors in the space will have to follow the same regulation, so it is not like it puts you at a disadvantage.

2 comments

I don't want to live in a world where inviting people over for dinner is practically illegal because of food safety regulations. And I don't want to live in a world where I'm not allowed to write down my friends' birthdays and phone numbers.

I'm not sure if we have passed the line of too many regulations, but I know it's out there.

The EU even considers an IP address as personally identifiable information...
If you remove "IP" and it still seems like a bad idea... I just don't understand what your problem is.
Of course.