Residual cleartext data on disk

[CR #392841] Encrypting data with alter table copies the table to new data pages. The old (cleartext) values remain in the unused pages until the server reuses those pages. A similar situation exists with the transaction log: log records of updates and deletes made on tables before the data was encrypted (through alter table) also persist until those log pages are reused.

Workaround: To destroy residual data pages, build a new device. Use bcp to copy all the data out from the old device and back into the new device. The -C option on bcp leaves the data in ciphertext format during the transfer. Destroy the old device. If cleartext values remain in the transaction log, normal database activity replaces these pages.
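
One way to check a raw device image for the residual cleartext described above, before and after the workaround (an added example, not part of the original note or the vendor's tooling). The 2 KB page size, the sample value, the page layout and the stand-in ciphertext are constructed for illustration and do not reflect the server's on-disk format.

```python
import hashlib
import io

PAGE = 2048  # assumption: page size of the constructed image


def find_cleartext(stream, markers, chunk_size=1 << 20):
    """Return sorted (offset, marker) hits for known cleartext values in a raw image."""
    overlap = max(len(m) for m in markers) - 1
    hits, tail, base = set(), b"", 0  # base = image offset of tail[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        for m in markers:
            pos = buf.find(m)
            while pos != -1:
                hits.add((base + pos, m))
                pos = buf.find(m, pos + 1)
        # Keep the last bytes so a value straddling two reads is still found.
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)
    return sorted(hits)


def page(payload):
    return payload.ljust(PAGE, b"\x00")


def stand_in_ciphertext(value):
    # Placeholder bytes only; this is not the server's encryption.
    return hashlib.sha256(b"constructed-key" + value).digest()


def demo():
    secret = b"4111-TEST-0001"  # constructed sample value
    old_device = b"".join([
        page(b"ROW:" + secret),                       # pre-encryption page, now unused
        page(b"ROW:" + stand_in_ciphertext(secret)),  # page written by alter table
        page(b"LOG:UPDATE:" + secret),                # old log record, not yet reused
    ])
    new_device = page(b"ROW:" + stand_in_ciphertext(secret))  # reloaded via bcp -C
    # A tiny chunk size forces values to straddle read boundaries.
    old_hits = find_cleartext(io.BytesIO(old_device), [secret], chunk_size=7)
    new_hits = find_cleartext(io.BytesIO(new_device), [secret], chunk_size=7)
    return old_hits, new_hits


if __name__ == "__main__":
    old_hits, new_hits = demo()
    print("old device:", old_hits)
    print("new device:", new_hits)
```

On the constructed old device the scan reports the value in both the unused data page and the log page; on the rebuilt device it reports nothing.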