Your organisation has just made a decision to lay off staff who are in possession of strategy documents that could result in those  documents remaining in their possession after the layoff. What do you do? What happens when a member of staff with access to sensitive information resigns?

Do you think the confidential agreement signed with that employee is enough to ensure that he or she does not use the information contrary to what has been agreed in the confidential agreement?

As a general rule all organisations should classify all their documents with the aim of identifying the ones that need persistent protection i.e. no matter where the documents are located or how they are being used the organisation has complete control over those documents and can determine when rights to those documents are withdrawn.There are 2 approaches to this. The first is using both enterprise rights management with data leakage prevention; in this case data leakage prevention(DLP) identifies all documents that may contain sensitive corporate information and notifies the enterprise rights management engine that sensitive information is about to be copied to external media or outside the firewall and therefore needs to be encrypted.

The second is using context sensitive enterprise rights management in which all documents that contains data defined in the data dictionary is automatically encrypted.

These 2 approaches have massive benefits in protecting sensitive information no matter where it is located and can help data owners withdraw access to its sensitive data at any time.

Organisations really need to understand the basic principles of enterprise rights management and how it can benefit them with respect to safeguarding their confidential information. If there is already a DLP solution already installed the need for enterprise rights management to enable flexibility should be considered.