This corporate culture of "store everything" needs to go away. At least in the past, we had storage limitations that made this infeasible. But dammit, as a software engineer, if the system requirements tell me to store something that would be bad if it were released, then I'm not storing it unless there is a damned good reason AND it is well encrypted.
Not to mention with child privacy laws, this sort of thing has to be well kept.
For an example, take a look at Nintendo. We lambast them for "friend codes" and awkward DRM. But you realize that the intersection of various child privacy laws worldwide means Nintendo basically cannot ask for any information: no name, no email address, or anything.
And by doing this, they just have to associate a hardware serial number (anonymous!) with purchases (also anonymous!). If you transfer to another console, it's moving the purchases to a new serial number.
But this means you also cannot create an account and re-download stuff (because Nintendo doesn't know who you are), and if your console breaks, you have to bring it back to Nintendo (so they can move the stuff to a new serial number).
Sure today you can create a "Nintendo Network" account that tries to associate your purchases with an ID, but that's optional and you still suffer the same limitations.
It's the only way Nintendo could guarantee, even if they were hacked, that there was no private data to take, and legally they couldn't collect any information.