What specific data are you logging that is subpoenaed? I imagine the focus of this meeting was to increase the DNS request logging, but I could be wrong.
For web browser traffic only, isn't really the only individually identifiable information included in the DNS server logs? Obviously you would keep a log from your authentication server, but I'd be interested to find out which logs you are maintaining that specifically relate to web browsing, and the connectivity method most of your customers are using (i.e. dialup, etc.)