When to comes to truly protecting data, encryption is a no-brainer. In fact, some industry regulations require that businesses and associations encrypt specific information. Health care is a great example of this, but organizations in all sectors have a responsibility to protect their customer and client information, whether it's personally identifiable information or an email between colleagues.
Jurisdictions around the world, including the European Union and Canada, are enacting laws and creating regulations forcing companies that collect personally identifiable information (PII) to store the data of their residents within their national boundaries. This concept is known as data residency and the idea is that local privacy laws will apply to data stored locally. Since privacy laws differ depending on the jurisdiction, it makes sense that Europeans, for example, want to be protected by their own laws. The problem is that data residency has never provided this kind of protection and recent court rulings in San Francisco and Canada highlight this fact.
I f you don't have anything to hide, then why would you object if the police come to your home to search and take pictures of your documents without your permission?
Unfortunately for you as a consumer, the discussion regarding data protection is often focused on corporations and what they can do to prevent hackers from accessing mission-critical communications and intellectual property. The world needs a reawakening when it comes to personal data security, because right now, this issue is not taken seriously enough, and many people just don't understand that government surveillance programs are a massive infringement on privacy.