Using full-disk encryption (FDE) is a great first step if you want to protect your data, but sometimes it isn’t enough. You may be forced by law to decrypt your data, so if you truly want to stay protected you need to hide your sensitive files elsewhere and use your primary disk as a decoy.
Security expert Brandon Gregg explains:
FDE drives still leave your data and personal information vulnerable in at least two scenarios: 1) You are forced to turn over your password (as in Judge Blackburn’s District Court ruling), or 2) Someone has hacked into your live machine and remotely recording your keystrokes/data while you work. To address these issues, we are also going to put our personal/business files in an encrypted directory — but not using just any encryption scheme. Encryption with hidden volumes is the key to really protecting your information and rights. With a correctly implemented hidden volume on your encrypted hard drive, you don’t have to worry when someone cracks (or coerces you into giving up) the password. When they use it to open the door, they will only see the closet.
Brandon suggests using a bad password for the “closet” (your encrypted hard drive — not the sensitive data), such as “password”. It’ll get cracked easily, which will encourage the person looking at your data to believe that you’re not smart enough to hide and encrypt your truly sensitive data elsewhere. Keeping that data in a secret volume is a very clever trick and requires hardly more work than encrypting your disk in the first place. If you’re looking to keep your files secure, this is a great way to do it.
Three steps to properly protect your personal data [CSO Online via Quora]