fbpx

Free tools and resources for Data Protection Officers!

Why the ‘encryption exception’ may be over used

EU General Data Protection Regulation and some U.S. state laws provides the “encryption exception” – it can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised.

The reasoning is that encryption preserves confidentiality – even for stolen data – by rendering it unreadable. But it’s not really true.

Source: Why the ‘encryption exception’ may be over used

>