According to the Canadian Centre for Cyber Security, ‘encryption encodes (or scrambles) information. Encryption protects the confidentiality of information by preventing unauthorized individuals from accessing it.’
The UK Information Commissioner’s Office (‘ICO’) also provides a simple and clear explanation of data encryption by defining it as ‘a mathematical function that encodes data in such a way that only authorized users can access it’.
Encryption is the process of turning data into “ciphertext”, rendering it unreadable to users who do not hold the correct decryption key or password.
Depending on the type and risks of a processing activity, encryption is considered a good measure for data protection. It is indeed mentioned in regulations such as the GDPR in the EU.
Encryption is an important part of cyber security and one of the many security controls that help protect the confidentiality of data. One recommended best practice is to implement an encryption policy by, among other things, evaluating the sensitivity of the information. Entities should also provide training in the use and importance of encryption to protect and store data in a secure manner.
Various international standards exist with regard to encryption, and entities should ensure that their encryption solution or technology meets the relevant standards.