A de-identification technique that with a value in a dataset in such a way that only authorized parties can access the original value and those who are not authorized cannot. In an encryption scheme, the original value, referred to as plaintext, is encrypted using an encryption algorithm to generate ciphertext that can only be read if it is decrypted.

It is good practice to encrypt data at rest and in transit. However, while encryption can help protect against unauthorized access, it does not protect the privacy of individuals’ data when it’s used by people who are authorized. This is known as an insider attack.

Return to glossary