[cfors]

I don't need to know anything about user123 outside of the fact that they are located in Perth, Australia.

Nothing else matters to me for this, I don't have access to any PII data like email or device (look, I know user ID's can technically be considered PII depending on which infosec person you're talking too).

Is this still a problem?

I understand your metaphors but without knowing that user123, who created a ticket in our system, is in Perth Australia (which for some reason that locality in my own metaphorical example is having issues processing payments) how we're supposed to resolve this.

Maybe I'm just hopelessly optimistic that people aren't as awful as we want them to be, or naive.