in reply to collecting sensitive data
But the best advice is never store sensitive data longer than you need to. As soon as you can get rid of it - do it.
Also have someone knowledgeable with secure handling of data review your design and your final implementation. Even if you feel comfortable with securely handling sensitive data, it's always better to get a second opinion.
One dead unjugged rabbit fish later...