diff --git a/app/services/user_profiles_encryptor.rb b/app/services/user_profiles_encryptor.rb
index 5f86d3bf58a..751f6b1a1c7 100644
--- a/app/services/user_profiles_encryptor.rb
+++ b/app/services/user_profiles_encryptor.rb
@@ -1,4 +1,7 @@
 class UserProfilesEncryptor
+  class MissingPiiError < StandardError
+  end
+
   attr_reader :personal_key
 
   def initialize(user:, user_session:, password:)
@@ -11,8 +14,13 @@ def encrypt
     if user.active_profile.present?
       encrypt_pii_for_profile(user.active_profile)
     end
+
     if user.pending_profile.present?
-      encrypt_pii_for_profile(user.pending_profile)
+      begin
+        encrypt_pii_for_profile(user.pending_profile)
+      rescue MissingPiiError
+        user.pending_profile.deactivate(:encryption_error)
+      end
     end
   end
 
@@ -21,7 +29,10 @@ def encrypt
   attr_reader :user, :password, :user_session
 
   def encrypt_pii_for_profile(profile)
-    pii = Pii::Cacher.new(user, user_session).fetch(profile.id)
+    pii_cache = Pii::Cacher.new(user, user_session)
+    pii = pii_cache.fetch(profile.id)
+    raise MissingPiiError unless pii
+
     @personal_key = profile.encrypt_pii(pii, password)
     profile.save!
   end
diff --git a/spec/services/user_profiles_encryptor_spec.rb b/spec/services/user_profiles_encryptor_spec.rb
index 4602d8fb5d6..337227482c7 100644
--- a/spec/services/user_profiles_encryptor_spec.rb
+++ b/spec/services/user_profiles_encryptor_spec.rb
@@ -36,25 +36,35 @@
 
     context 'when the user has a pending profile' do
       let(:profile) { create(:profile, :verify_by_mail_pending, :verified, pii: pii.to_h) }
-
-      it 'encrypts the PII for the pending profile with the password' do
-        encryptor = UserProfilesEncryptor.new(
+      let(:encryptor) do
+        UserProfilesEncryptor.new(
           user: user,
           user_session: user_session,
           password: password,
         )
-        encryptor.encrypt
+      end
+      let(:personal_key) { PersonalKeyGenerator.new(user).normalize(encryptor.personal_key) }
+      let(:decrypted_profile_pii) { profile.decrypt_pii(password) }
+      let(:decrypted_profile_recovery_pii) { profile.recover_pii(personal_key) }
 
+      it 'encrypts the PII for the pending profile with the password' do
+        encryptor.encrypt
         profile.reload
 
-        personal_key = PersonalKeyGenerator.new(user).normalize(encryptor.personal_key)
+        expect(decrypted_profile_pii).to eq(pii)
+        expect(decrypted_profile_recovery_pii).to eq(pii)
+        expect(user.valid_personal_key?(personal_key)).to eq(true)
+      end
 
-        decrypted_profile_pii = profile.decrypt_pii(password)
-        decrypted_profile_recovery_pii = profile.recover_pii(personal_key)
+      context 'but the pending profile has no PII associated with it' do
+        before { user_session.delete(:encrypted_profiles) }
 
-        expect(pii).to eq(decrypted_profile_pii)
-        expect(pii).to eq(decrypted_profile_recovery_pii)
-        expect(user.valid_personal_key?(personal_key)).to eq(true)
+        it 'deactivates the profile with an encryption error' do
+          encryptor.encrypt
+          profile.reload
+
+          expect(profile.deactivation_reason).to eq('encryption_error')
+        end
       end
     end