If you have to get into personal information that is inside somebodies private property to make money then let us all hope your CISSP friends do their job and put you out of business.
A legitimate business model makes money by delivering goods and services that people want or need for a fee.
Un-solicited engagement based on access to personal data that is on a private device that you were not given specific access to through a legitimate and open exchange is illegal everywhere except computers and Cell Phones.
Nobody wants or needs anything that requires you to have access to information they did not give approval to have.
They especially do not want or need anything that would allow you to do whatever you wanted with that information to make money. Like selling it to a third party.
That is double true if you charge them for part of this service while collecting their private data while having promised anonymity, and then sold it hoping not to be seen.
I worked in the POS, Off Site ATM, and Bank Switch industry for about 7 years.
Nobody I ever met during that time that was providing any of the services wanted anything to do with any bodies personal or private data and information.
There were several rules and regulations that were followed and enforced by the Secret Service to help us make sure we didn't.
Currently I work in the Health Industry.
It is amazing to me that all of our private information stored on computers is not kept that way under the same rules as our Private Health Information.
In short, you may end up not having what you want for quite a while if your ability to make money requires having free and open access to peoples private devices and the information that passes across them.