You can limit the power of the system administrator or database owner to access private data when you specify passwords on keys using create encryption key or alter encryption key.
To decrypt data protected by such a key, a user needs both of the following:
- decrypt permission on the data
- The encryption key’s password
Users must also know the password to run DML commands that encrypt data.
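The following walk-through is an added example, not part of the original documentation. It assumes SAP Adaptive Server Enterprise syntax, including the set encryption passwd session command, which the text above does not mention. The key, table, column, and user names and the passwords are constructed placeholders.

```sql
-- Key custodian: create a key whose protection depends on a
-- user-specified password rather than the system encryption password.
create encryption key ssn_key for AES
    with keylength 256 passwd 'Constructed-Passphr4se-1'
go

-- Table owner: encrypt the sensitive column with that key.
create table employee (
    emp_id  int       not null,
    ssn     char(11)  encrypt with ssn_key
)
go

-- Permissions alone are not sufficient; they are only half of the
-- requirement. The password is shared out of band with payroll_clerk.
grant select, insert on employee to payroll_clerk
grant decrypt on employee(ssn) to payroll_clerk
go

-- payroll_clerk session: supply the key password before any DML
-- that encrypts or decrypts the column.
set encryption passwd 'Constructed-Passphr4se-1' for key ssn_key
go
insert employee values (1, '000-00-0000')   -- encrypts: password required
select emp_id, ssn from employee            -- decrypts: password required
go

-- System administrator or database owner session, with no
-- set encryption passwd issued: the same select cannot decrypt ssn,
-- because the session has not supplied the key's password.
select emp_id, ssn from employee
go

-- Key custodian: rotate the password with alter encryption key.
-- Sessions must then supply the new password to reach the data.
alter encryption key ssn_key
    with passwd 'Constructed-Passphr4se-1'
    modify encryption with passwd 'Constructed-Passphr4se-2'
go
```

The password set with set encryption passwd applies only to the session that issued it, so each connection that touches the column has to supply it.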