There is no such thing as absolute security. Information security techniques are designed to counter specific technical attacks. Specific attack measures are defeated (or sometimes only blunted through delay), by specific INFOSEC countermeasures, designed to cost less than the cost-of-compromise of the data to be protected.

Which INFOSEC countermeasures you need, and the adequacy or inadequacy of those you have, can only be measured against your particular threat profile.

This requires identifying those to whom your data has value; identifying the types of attacks which each potential class of attacker is technically and financially able to mount; and choosing INFOSEC countermeasures adequate to defeat the worst attack measures you can realistically expect them to employ against you.

Data that is always stored on a computer (or backup media) that never leaves your physical security perimeter does not need encryption. However, you must define exactly what that physical security perimeter is. The most secure facility offers no protection from untrustworthy co-workers or visitors who are inside it with you.

If you keep your data on an always-physically-secured system, but need to communicate some of it through unsecured communications channels, you need COMmunications SECurity. This requires the ability to create strongly-encrypted copies for transmission, such as with high-grade e-mail encryption software.

If you must store sensitive data on a PC or laptop that is not always physically secured, you have to encrypt it. However, you must also protect it against attacks using forensic data recovery techniques. Such attacks attempt to read deleted (or inadequately overwritten) magnetically stored data on your disk either

(1) through its drive controller connector, using PC-hosted software;
(2) through its drive heads, bypassing the disk's controller circuits; or
(3) directly on each disk platter's recording surface in a clean-room.

Class 1 attacks can be mounted directly with forensic software, hosted on your PC or on the attackers' PC. These software-based attack measures can be countered with software-based countermeasures; viz., any kind of disk data overwriting (such as Clearing per DOD 5220.22-M) that is applied to all sensitive plaintext on the disk.

Class 2 attacks use special amplifiers and signal processing to extract previously recorded data from under subsequent overwrites. They rely on increased capabilities over the disk's on-board electronics. Sanitizing per DOD 5220.22-M was designed to counter such attacks by increasing the noise-to-signal ratio beyond their capabilities.

Many (but not all) INFOSEC people believe that the increased signal-processing sophistication of the on-board controllers required to even read the last-written data has kept Sanitizing ahead in this particular measure/countermeasure race. However, most question the adequacy of Sanitizing in protecting older, lower-density disks (especially diskettes) against the most modern and sophisticated Class 2 attacks.

Class 3 attacks (such as with magnetic force microscopy), are generally considered able to penetrate any software countermeasures, including any kind of overwriting. They are very costly techniques to use to recover the complete image-as-it-used-to-be of an overwritten multi-gigabyte disk, as opposed to a few specifically targeted bytes.

"Magnetic Media Microscopy (MMM) is used in cases where data has been overwritten. MMM is a lengthy process that involves examining each bit of data at a magnetic level to determine that bit's previous state. Recovering just a floppy disk using this technology can take days or weeks. MMM is rarely used because of the cost factor." - ESS Data Recovery

Nevertheless, any data of sufficient value to intelligence services or comparably funded adversaries should not have its confidentiality rely upon overwriting countermeasures.

The value of your data to the kinds of attackers who can use each class of techniques will determine whether you must counter that class. This is the basis for requiring defense contractors to use Clearing or Sanitizing per DOD 5220.22-M (for re-use or for disposal, respectively) of media containing data classified as Confidential or Secret, while requiring NSA-approved degaussing and destruction for Top Secret media.

An unclassifed 1991 Navy microcomputer INFOSEC risk analysis survey postulated the nominal, per-incident, costs-of-compromise for Privacy Act data or Confidential data as $10,000; for Secret data as $100,000; and for generic Top Secret (TS) data as $1,000,000. Presumably, the remainder of the hierarchy's list of value categories (TS/SIOP, TS/SCI and TS/National Cryptologic) each added another zero to the cost.

These planning numbers would obviously be larger in today's dollars, but they offer a relative scale that may provide some perspective to help you associate classes of attack measures with the values placed on your data - by you and by your adversaries.