Ahh I misunderstood, xmadd is correct in regards to the storing of the information.. I didn't read the part about storing it on a webserver database. I figured it would be comon knowledge to store sensitive data offsite and I wasn't referring to where to store the data just that it was legal to store the data.
xmadd this is sysop by the way :P