Calling for encryption and implementing it may be easy at a first glance. The problem starts when you have to grant access to data including a segregation of duty. Workflows with Segregation-of-Duty requirements or involving multiple parties with non-aligned interests (typically mutually distrustful) pose interesting challenges in often neglected security dimensions. Cryptographic approaches are presented to technically enforce strict auditability, traceability and multi-party-authorized access control and thus, also enable exoneration from allegations.
At DeepSec 2015 Thomas Maus held a presentation explaining the problems and possible solutions.