Brown University

Compliant and Secure Databases

Description

Abstract:
Personal data is under constant threat in the modern world --- from corporations looking to profit from over-collection and sale of personal data, to criminal interests who steal data for ransom, identity theft, and personal and corporate secrets. In response to the alarming rise in the exploitation of data, governments worldwide have begun enacting privacy legislation to give users more control over their personal data. However, there are technological constraints to making current systems compliant. Legacy systems are unlikely to have been designed with privacy considerations in mind. As such, it is difficult to instrument them in order to support the degree of transparency and access that are mandated by privacy legislation. Even if systems are instrumented to support user control over their data, they are still vulnerable to insider attacks and large-scale data breaches. The only fool-proof method to protect against such breaches is to use encryption for private data. However, plain encryption reduces the utility of outsourcing data, in that it does not allow the user to operate on their own data without downloading all of it. Then we turn to cryptographic primitives such as fully-homomorphic encryption (FHE), structured encryption (STE), property-preserving encryption (PPE) and oblivious RAM (ORAM). These primitives have all been widely studied and used to build systems that support various degrees of operation over encrypted data. Each of them also offers different trade-offs in efficiency and security. The security of these primitives can be quantified in terms of the leakage, i.e., meaningful information that is visible to an adversarial server. In this thesis, we describe work that advances the state-of-the-art in compliant and secure databases.
We present: (1) a tool that will largely automate GDPR access requests on legacy databases, thereby reducing the manual work required to deal with custom schema and application logic; (2) a general leakage suppression framework for structured encryption schemes that support updates to the data structure; and (3) efficient leakage suppression techniques for dictionary encryption schemes that do not support updates to the underlying dictionary structure.
Notes:
Thesis (Ph. D.)--Brown University, 2022

Citation

George, Marilyn, "Compliant and Secure Databases" (2022). Computer Science Theses and Dissertations. Brown Digital Repository. Brown University Library. https://repository.library.brown.edu/studio/item/bdr:gugu6tkn/
