Add potentially useless "do not store PII" requirement