Encryption


Encryption shows up in self-regulatory guidelines, best practices and pieces of legislation all over the world. It’s thought to be one of the best ways to protect data—particularly from cyber-attacks; however, it draws a fair amount of ire from some government agencies and law enforcement regimes, as it can hamper investigations into criminal and terrorist activities. If you’re not a techie, it can also be somewhat intimidating to implement. The IAPP Westin Research Center boils it down for you on this topic page.

Featured Resources

Decryption and Inspection and the Steps Needed for Privacy Compliance

This web conference provides an overview of the threat landscape, how attackers use encryption to their benefit, and why the inspection of network traffic is necessary for privacy compliance.

How can homomorphic encryption address privacy in COVID-19 apps?

Husna Siddiqi and Dalia Khader explain how a cryptographic concept called “homomorphic encryption” may be able to help assuage privacy concerns around COVID-19 applications.

Encrypt your data to make GDPR and Russian Localization Law compatible

Oleg Blinov suggests encryption could be “a strategy that would be in formal compliance with Russian personal data law while maintaining a high level of protection of data subject’s rights and interests.”


Latest News and Resources

Apple to expand encryption in its cloud backups, halts CSAM rollout

Apple announced Wednesday a suite of data security improvements it plans to roll out in the coming months that aim to protect consumer data and ward off hackers. The three data security features include iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. In a company announcement, Apple Senior Vice President of Software Engineering Craig Federighi said the new features will provide users with "three powerful new tools to further protect their ...

The EU's temptation to break end-to-end encryption

Last May, the European Commission presented a proposal to fight Child Sexual Abuse Materials. The proposed legislation has spurred controversy as it touches upon the delicate issue of private interpersonal communications and might affect end-to-end encryption. The issue of child pornography has exploded recently, as abusive online content has increased by 60 times in the last 10 years. While content production mainly takes place in the "global south," groups of countries in Africa, Latin Americ...

Multiparty computation as supplementary measure and potential data anonymization tool

Privacy-enhancing technologies like secure multiparty computation, homomorphic encryption, federated learning, differential privacy, secure enclaves, zero-knowledge proof or synthetic data are becoming increasingly relevant in practice and considered by regulators. Approaching the challenging trade-off between data privacy and data utility for a vast variety of use cases, privacy-enhancing technologies embed important privacy-by-design principles in the data life cycle. They aim at enabling inc...

Definitions

Encryption

The process of obscuring information, often through the use of a cryptographic scheme in order to make the information unreadable without special knowledge; i.e., the use of code keys. Encryption is mentioned in the General Data Protection Regulation as a potential way to mitigate risk, and certain breach notification requirements may be mitigated by the use of encryption as it reduces the risks to the rights and freedoms of data subjects should data be improperly disclosed....

Cryptosystem

The materials necessary to encrypt and decrypt a given message, usually consisting of the encryption algorithm and the security key. Associated term(s): Encryption...

Digital Signature

A means for ensuring the authenticity of an electronic document, such as an e-mail, text file, spreadsheet or image file. If anything is changed in the electronic document after the digital signature is attached, the signature is rendered invalid. Associated term(s): Authentication, Encryption...

Encryption Key

A cryptographic algorithm applied to unencrypted text to disguise its value or used to decrypt encrypted text....

Symmetric Key Encryption

Also known as Secret Key Encryption, a form of encryption using a single secret key to both encrypt and decrypt data. Associated term(s): Asymmetric Key Encryption, Encryption...

Secret Key

“A cryptographic key used with a secret key cryptographic algorithm, uniquely associated with one or more entities and which shall not be made public. The use of the term "secret" in this context does not imply a classification level, rather the term implies the need to protect the key from disclosure or substitution.” (Federal Information Processing Standards Publication 140-1, Security Requirements for Cryptographic Modules)...

Asymmetric Encryption

A form of data encryption that uses two separate but related keys to encrypt data. The system uses a public key, made available to other parties, and a private key, which is kept by the first party. Decryption of data encrypted by the public key requires the use of the private key; decryption of the data encrypted by the private key requires the public key. Associated term(s): Symmetric Encryption, Encryption...

Public Key Infrastructure

A system of digital certificates, authorities and other registration entities that verifies the authenticity of each party involved in an electronic transaction through the use of cryptography. Acronym(s): PKI Associated term(s): Cryptography...

Hashing Functions

Or “hashing” is taking user identifications and converting them into an ordered system to track the user’s activities without directly using personally identifiable information (PII). Hashing can be used to encrypt or map data; in the context of privacy, hashing is used in cryptographic hash functions and has many information security applications. Associated term(s): Anonymous Information, Pseudonymous Data, De-Identification, Re-Identification...

Emerging Issues and Impact

Encryption's impact on potential liability under CCPA

In the last decade, California has suffered twice as many data breaches as any other state, with roughly 1,493 breaches affecting nearly 5.6 billion records. For an organization that handles the data of California consumers, adopting a robust security system is prudent. Encrypting consumer data is one strategy that an organization can adopt as part of a comprehensive information security and privacy program. Encryption benefits consumers by rendering compromised data unreadable, so that even if...

Encryption's essential, but how do we push it forward?

Encryption is essential to address privacy and security concerns in the digital age. But throughout history, the intersection of the law, privacy and security through technical means like encryption has been complex. There have been proposals, studies, suggested legislation, technical implementations, successes, failures and endless discussion, but no easy answer to meet all concerns. Kristy Westphal looks at how to push solutions forward.