Although this doesn't surprise me, this FoI request seems like a plug for the services of Egress Software Technologies to me. Cynical Englishman that I am.
My view is that the Data Protection Commissioner is being negligent in not demanding that all businesses - not just lawyers - routinely encrypt at rest and in transit. We can of course speculate why he has not done so. Meanwhile, we also know that the UK security services have monitored client-privileged legal communications in cases involving the security services themselves. And that the Home Office are attempting to "legalise" this kind of behaviour through secondary legislation - rule of law isn't important really.