Aspects and features of the present disclosure can provide encryption to maintain data privacy while allowing deduplication of some client data by or cloud-based storage platforms. Data can be identified as public data and left unencrypted so that it can be deduplicated. Other data can be identified as personal data, which can be encrypted with a personal key, or as group data, which can be encrypted with a shared, group key. Identifying the data can include storing the data in storage regions within a closed environment. The storage regions can be established, at the client, in a storage platform, or both. Optionally, a storage platform can include multiple storage regions for multiple groups of users, wherein each group is assigned its own unique encryption key. Such data can thus automatically be subject to the same deduplication routines as unencrypted data.