However, the study also reveals that encryption is viewed by many as an important security tool that enhances the IT professionals' overall sense of trust or comfort in data-protection efforts. The primary reasons cited for not encrypting sensitive or confidential information were concern about system performance (69 percent), complexity (44 percent) and cost (25 percent).

Sponsored by PGP Corp., this independent study was conducted to learn what privacy and security professionals think about encryption and how adequate they believed their organization's security programs are to protect sensitive and confidential information.

Encryption is mostly used to protect sensitive or confidential electronic documents when sending them to another system or location (47 percent), according to our survey results. Only 31 percent of respondents encrypt data on a device such as a server or laptop, and 24 percent encrypt sensitive or confidential backup files or tapes before sending them to off-site storage locations.

Given the number of security breaches that are being reported, it seems that now might be a good time to look more closely at encryption. Just this week, for example, tapes containing data on 2 million ABN Amro customers went missing, although the tapes were later recovered (see Update: Missing ABN Amro tape with 2 million names found). And companies are starting to be held liable for not safeguarding data. The Federal Trade Commission recently charged shoe discounter DSW Inc. with failing to provide reasonable and appropriate security for sensitive customer information, because the company allegedly stored information in unencrypted files that could be accessed easily using a commonly known user ID and password. DSW recently settled with FTC over charges that its data-security failures constituted an unfair practice under federal law, allowing hackers to access credit card, debit card and checking account information of more than 1.4 million consumers.

Who responded?