Data can be encrypted two ways: at rest and in transit.
Please note: employing these two types of encryption safeguards must occur in tandem; it's not automatic. Data encrypted at rest does not guarantee it remains encrypted as it traverses a network. Conversely, data encrypted "over the wire" does not offer any safeguard that the content remains encrypted after it has reached its destination.
Refers to data storage — either in a database, on a disk, or on some other form of media.
Note: Indiana law recognizes the value of disk encryption — such that a lost/stolen laptop or storage media is not considered a breach if that media was encrypted (and the encryption key was not available with the device).
Refers to data that is encrypted as it traverses a network — including via web applications, smart phone apps, chats, etc. In-transit basically refers to the point at which the data leaves the storage drive or database until it's re-saved or delivered to its destination. Protecting information in transit essentially ensures protection from others attempting to snoop or eavesdrop on information as it traverses the network.
Symmetric vs. asymmetric key algorithms
Symmetric key algorithms use related, often identical keys to both encrypt and then decrypt information. In practice, this is known mostly as a shared secret between two or more parties.
Asymmetric key algorithms, however, use different keys to encrypt and decrypt information; one key encrypts (or locks) while the other decrypts (or unlocks). In practice, this is known mostly as a public/private key; the public key can be shared openly, the private key should not. In most cryptographic systems, it is extremely difficult to determine the private key values based on the public key.