Which practice best protects customer data?

Protecting customer data relies on strong protection for data both in motion and when it’s stored, along with strict access controls. Encrypting data in transit prevents anyone from reading it if it’s intercepted as it moves across networks, while encrypting data at rest keeps stored information unreadable even if storage devices are compromised. Coupling this with limiting access to authorized personnel enforces the idea that only those who need to see the data can access it, reducing the chance of leaks or misuse. The other approaches make data more vulnerable: turning off encryption opens the door to interception, storing passwords in notes is insecure, and sharing credentials breaks proper access control. So the best practice is to encrypt data in transit and at rest and restrict access to authorized personnel.