dlp data leakage data loss prevention and protection
Data Loss Prevention (DLP) is a term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. It is also referred to as Data Loss Protectoin, Data Leakage Prevention, Information Leak Detection and Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF) or Extrusion Prevention System by analogy to Intrusion-prevention system.
Organizations process information that can be often classified as sensitive, either from a business or legal point of view. In addition to risk of intrusion and gaining access to sensitive information by unauthorized persons, there’s also risk of intentional or spontaneous transmission of the information to the outside of organization.
Many large companies now fall under oversight of government of commercial regulations that mandate controls over information, including privacy protection schemes for European companies, HIPAA in health and benefits in US, GLBA and BASEL II in finance, Sarbanex Oxley (SOX) for publicly lsited companies, and Payment Card Industry (PCI) DSS standards. Some of these regulations stipulate a regular information technology audit, commonly known as IT audit, which organizations can fail if they lack suitable IT security controls and due-care (processes) standards. Companies with enterprise resource planning ERP software (e.g., SAP and Oracle Corporation find compliance especially challenging (see erm or enterprise risk management. Others mandate significant penalties in the event of a breach.
Loss of large volumes of protected information has become a regular headline event, forcing companies to re-issue cards, notify customers, and mitigate loss of goodwill from negative publicity.
In terms of regulations, one high-profile example is California SB 1386. The state of Tennessee has also passed the “Credit Security Act of 2007,” which will result in a Class B misdemeanor for any use of a person’s SSN in “direct mailings” or over the Internet.
Recently the European Commission enforces DLP in the 2008 Telecom Directive, which will have to be applied by the various memberstates. European Parliament and some Member states such as the UK are working on developing a much wider DLP directive, impacting all industries.
Some industry associations are working on a self-regulating model, expected is that some of those results will be published throughout 2009 - 2010.