Data Loss Prevention
Technology and policy controls that detect and prevent sensitive data from being sent to unauthorised destinations, including AI tools.
In detail
Data Loss Prevention (DLP) refers to systems that monitor, detect and block the transfer of sensitive data to destinations outside approved boundaries. DLP can be applied at the network layer (blocking uploads to unapproved domains), the endpoint layer (preventing copy-paste or file transfer of classified data), the email layer (scanning outbound messages for credit card numbers, tax file numbers or health identifiers), and increasingly at the AI layer (inspecting what employees paste into AI tools). Modern DLP platforms include Microsoft Purview (for Microsoft 365 environments), Nightfall and similar cloud-native options.
Why it matters for Australian business
For Australian businesses the primary DLP risk today is staff pasting sensitive personal, financial or health information into consumer AI tools. Under the Privacy Act, allowing personal information to flow into an unapproved third-party tool without assessment is a potential breach. DLP controls that detect and block these transfers, combined with an acceptable-use policy and AI literacy training, form the practical defence. We implement DLP policies scoped to AI tool risk as part of our AI Data Loss Prevention service.