You can't make that statement blindly without knowledge of the entire cryptosystem and threat model. For example, to me, an encrypted version of my email address, as used by many ad networks to do retargeting, is still sensitive information if it lets Walmart serve me ads based on my Google search history.
