by the_mitsuhiko 3050 days ago
Revolving backups and you throw away old ones. After 30 days or so the last traces of a customer’s keys will be gone.
1 comments

In that situation, the data is "inaccessible" but a data breach during the backup retention period will still leak their details.

We can already achieve that result by removing records from the live DB and ignoring the whole backup situation.

So what has this separate encryption process achieved?

It has achieved that, within a time frame, the PII of a user is removed from backups.