Data Loss Prevention (DLP) is a strategy that ensures that the owners or custodians of confidential information prevent its loss, transmission, or unauthorized access. The term — similar to confidentiality — is likewise used to describe practices that system admins use to control what information their users are able to view or transmit.
Admins design and enforce DLP in accordance with corporate guidelines. These define the mobility constraints of data and who accesses it so employees do not mistakenly or intentionally share information deemed sensitive. For instance, if a worker wanted to convey corporate documents using DropBox, a distributed storage platform, and that platform was unsupported, the worker would be denied the ability to access DropBox.
Alongside the option to screen and control endpoint activity, some DLP tools limit information streams on the corporate system and encrypt data in transit.
DLP adoption is being driven by insider dangers and by increasingly thorough privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA). DLP regulations such as HIPAA have stringent information assurance, transmission, and privacy guidelines.
Example:
"Please ask your manager for editing privileges. As of now you have read-only access to this file. It's nothing personal — it's just the default permissions of our DLP policy."