1. Malware installed on a payment terminal reads the card processing application's memory and extracts credit card numbers during the brief transaction authorization window — the card data exists in plaintext here because the application must process it
2. A security team encrypts all hard drives on employee laptops using BitLocker with TPM + PIN; if a laptop is stolen while powered off, the drive contents cannot be read without the PIN
3. A web application uses HTTPS (TLS on TCP 443) to encrypt customer login credentials and session data between the user's browser and the web server — an interceptor on the network sees only ciphertext
4. An organization storing EU customer data on servers in Singapore discovers that Singapore's local data protection laws apply to that data — not just the EU regulations — because data is subject to the laws of the country where it is stored