Cybersecurity: Encryption as a privacy tool

Encryption is an excellent security tool… even if it wasn’t, the UK Information Commissioners’ Office (ICO) sees it as a basic precaution, meaning that is should be on the radar of all data-handling organisations.

All security measures have their strengths and weaknesses and none supply perfect security, but with clear links between the failure to encrypt data and actions taken by the ICO, it is easy to quantify the return on investment for encryption.

With that in mind, we’ve written a brief overview of what encryption does, why it’s good for privacy and what problems it’s not going to solve.



The most basic explanation is as follows: done correctly encrypted data is in fact not data at all, to anyone without the key it’s incomprehensible gibberish without any value.

The reason the ICO takes action against organisations who’ve failed either to encrypt (or to configure their encryption so that works as intended) is because if gibberish ends up in the public domain nobody cares… it’s not actually data.We use encryption for privacy protection as well as security because it reduces risks to the confidentiality of the data. It’s the last line of defence when: an attacker has got past all the other layers of security; an employee has unwittingly made a mistake; or your web developer hasn’t got around to patching your server in time.

The graphic above gives an overview of some key terms about encryption.

Click here to download a more detailed version of this article.


Clayden Law has teamed up with technical expert, Emma Osborn. and over the next few months we will provide some back-to-basics analysis of the technical, legal and data protection issues surrounding cybersecurity, aimed at organisations’ non-technical decision-makers. Together, we’ll be highlighting key cybersecurity and data privacy fundamentals and looking at the interplay between law and practice in this area. For more information, click here