US 7,490,248 B1
Method for reencryption of a database
Thomas Valfridsson, Skelleftea (Sweden); and Ulf Mattsson, UM Cos Cob, Conn. (US)
Assigned to Protegrity Corporation, Stamford, Conn. (US)
Appl. No. 10/129,013
PCT Filed Nov. 13, 2000, PCT No. PCT/SE00/02219
§ 371(c)(1), (2), (4) Date Sep. 27, 2002,
PCT Pub. No. WO01/35226, PCT Pub. Date May 17, 2001.
Claims priority of application No. 9904094 (SE), filed on Nov. 12, 1999.
Int. Cl. H04L 9/00 (2006.01)
U.S. Cl. 713—193  [713/194; 713/165; 726/27; 380/277; 707/200] 13 Claims
OG exemplary drawing
 
1. A method for re-encrypting one or more data items that are encrypted and stored in a database, where said re-encrypting is an automated background process, said method for re-encrypting comprising the steps of:
in an initial time period, encrypting and storing the one or more data items in the database, wherein:
(1) the one or more data items are encrypted using an encryption key having a key life,
(2) the key life is associated with the one or more stored encrypted data items,
(3) a time stamp is stored one of with the encrypted one or more data items or in another table or data set, and
(4) where the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period the one or more encrypted items were last updated or inserted into the database;
entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein:
generating a new encryption key with an associated key life at the start of the next time period;
scanning the database and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration is determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein:
(a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,
(b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life for the new encryption, and
(c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the another time stamp is representative of the next time period.
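The claim above describes a background key-rotation loop: each stored item carries the key life of the key that encrypted it, a time stamp for the period in which it was last written, and a key generation counter; at the start of each new period a fresh key is generated, every item whose key life has run out since its time stamp is decrypted under the old key and re-encrypted under the new one, and its key life, time stamp and generation counter are updated. The following Python program is an added illustration of that procedure and is not code from the patent or from Protegrity. It models time as integer period indices, uses a small hashlib/hmac-based keystream cipher with an authentication tag purely so the example runs offline (an assumption; a real deployment would use a standard authenticated cipher), and all names (`EncryptionKey`, `Row`, `KeyStore`, `reencrypt_expired`, the constructed sample rows) are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

NONCE_LEN = 16  # bytes of per-record nonce
TAG_LEN = 32    # bytes of HMAC-SHA256 tag


@dataclass
class EncryptionKey:
    generation: int     # the "encryption key generation counter" of the claim
    material: bytes
    start_period: int   # period in which the key was generated / first used
    key_life: int       # number of periods the key may be used


@dataclass
class Row:
    row_id: int
    blob: bytes         # nonce || ciphertext || tag
    time_stamp: int     # period of the last insert/update (stored with the item)
    key_life: int       # key life copied from the key that encrypted the item
    key_generation: int # generation counter of that key


def _keystream(material, nonce, length):
    # Toy counter-mode keystream built from SHA-256; illustrative only (assumption).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(material + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key.material, nonce, len(plaintext))))
    tag = hmac.new(key.material, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key.material, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key.material, nonce, len(ct))))


class KeyStore:
    """Holds every key generation; old keys stay available until no row references them."""

    def __init__(self, key_life):
        self.key_life = key_life
        self.keys = {}

    def new_key(self, period):
        generation = len(self.keys)
        key = EncryptionKey(generation, os.urandom(32), period, self.key_life)
        self.keys[generation] = key
        return key

    def current(self):
        return self.keys[max(self.keys)]


def store(db, keystore, row_id, plaintext, period):
    # Insert/update: encrypt under the current key and record key life, time stamp, generation.
    key = keystore.current()
    db[row_id] = Row(row_id, encrypt(key, plaintext), period, key.key_life, key.generation)


def is_expired(row, period):
    # Expiration is derived from the item's own key life and time stamp, as in the claim.
    return period >= row.time_stamp + row.key_life


def reencrypt_expired(db, keystore, period):
    """Background pass at the start of `period`: new key, scan, re-encrypt expired rows."""
    new_key = keystore.new_key(period)
    rotated = []
    for row in db.values():
        if not is_expired(row, period):
            continue
        old_key = keystore.keys[row.key_generation]
        plaintext = decrypt(old_key, row.blob)           # (a) decrypt with the expired key
        row.blob = encrypt(new_key, plaintext)           #     and re-encrypt with the new key
        row.key_life = new_key.key_life                  # (b) adopt the new key's key life
        row.time_stamp = period                          # (c) new time stamp for this period
        row.key_generation = new_key.generation          #     and new generation counter
        rotated.append(row.row_id)
    return rotated


def read(db, keystore, row_id):
    row = db[row_id]
    return decrypt(keystore.keys[row.key_generation], row.blob)


def demo():
    # Constructed sample data: two rows written in period 0 under a key with a 2-period life.
    db = {}
    keystore = KeyStore(key_life=2)
    keystore.new_key(period=0)
    store(db, keystore, 1, b"card-4111", 0)
    store(db, keystore, 2, b"ssn-000", 0)
    first = reencrypt_expired(db, keystore, 1)   # period 1: period-0 key still within its life
    second = reencrypt_expired(db, keystore, 2)  # period 2: period-0 key expired, both rows rotate
    return first, second, read(db, keystore, 1), db[1].key_generation


if __name__ == "__main__":
    print(demo())
```

The expiry test `period >= time_stamp + key_life` is evaluated per row, so a row re-written in a later period under a newer key is left alone until its own key life runs out, and rows whose key expired several periods ago are still caught by the next scan. Old key generations must remain retrievable until the scan has moved every row off them, which is why `KeyStore` never deletes a key.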