If you encrypt it, you have to, at some point, also send the keys to the user. The key has the same legal protection as the rest of the document so encrypting the data has no implication on the legal discussion.
> If you encrypt it, you have to, at some point, also send the keys to the user.
Not if you're using a public key cryptosystem and the user generates their own private key. Only the public part is communicated (from the user to the source of the information), and that isn't enough to decrypt the document.
No, because if those keys have to be extracted from elsewhere to bypass a security measure it becomes a breach. The way the documents are published and the way in which they are accessed are relevant to the discussion.
