More and more organizations are requiring that data like social security number (SSN) are not just encrypted on disk, but in the database itself. SQL Server offers 2 ways to do this, depending on the version. Cell level encryption would require special permissions at the database layer, not application, to decrypt the data. Always Encrypted does encryption and decryption at the application/user end and the data can be encrypted for administrators of the data and to SQL Server itself. Because of the sensitive nature of this application, it makes sense to allow the customer to select an encryption option for this type of data OR build it into the application without an option to disable it.