Why the ‘encryption exception’ may be over used

EU General Data Protection Regulation and some U.S. state laws provides the “encryption exception” – it can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised.

The reasoning is that encryption preserves confidentiality – even for stolen data – by rendering it unreadable. But it’s not really true.

Source: Why the ‘encryption exception’ may be over used

>