Most people use encryption in the following way for passwords: user provides input, input is hashed, hash is stored, future attempts to log in are hashed and compared. This is very secure. Server compromised? No problem, all they get is a bunch of hashed stuff. Hashing is the main business of a bureau of any sort of public data. That is the business in 2017. If personal data were kept as fuzzy hashes that required partial knowledge to decrypt, systems would be more robust and information would be better protected. It is not a new idea, just an oft-overlooked one.