The legal obligations for encryption of personal data in the United States, Europe, Asia and Australia

This White Paper examines the legal and regulatory obligations to encrypt personal data in three of the major economic regions of the world, namely:

• the European Union – exploring, in particular, the regimes that exist at present in the United Kingdom, France, Germany and Spain;
• the USA; and
• the Asia-Pacific region – exploring, in particular, the regimes that exist in Singapore, South Korea, Japan, Taiwan and Australia

In each case, this paper presents the argument that, whether expressly or by implication, the laws in those jurisdictions give rise to a clear need to deploy encryption technologies to protect personal data.
In addition to this, this White Paper also explores how financial services laws and regulations require encryption in some jurisdictions, examining particular obligations placed on the payments services industry, and the obligation to implement access controls and threat pattern recognition capabilities.