How Data Loss Prevention (DLP) Works

DLP is the technology meant to stop sensitive data from walking out the door. Two recent grants show how the inspection actually happens — including for video.

DLP answers a question every enterprise eventually faces: how do you stop your own data from leaving in ways it shouldn't? The technology inspects content — emails, file uploads, clipboard contents — for sensitive patterns and enforces a policy when it finds them.

Two recent grants make the mechanism concrete and show where it's heading. Zscaler's US12603868B2, "Endpoint data loss prevention" (issued April 14, 2026; CPC H04L 63/04), describes DLP enforcement at the endpoint itself — on the device where data is being used. Netskope's US12316647B1, "Video data loss prevention (vDLP)" (issued May 27, 2025), extends the same idea to a surface most DLP never covered: video and screen content. Read them at US12603868B2 and US12316647B1.

The way this actually works is inspect-classify-enforce. The system observes data at a control point (an endpoint agent, a network proxy, a cloud API), classifies whether it contains something sensitive — a credit-card number, a source-code file, regulated personal data — and then applies the policy: allow, log, warn, or block. The Netskope vDLP grant is notable because it pushes that inspection into video frames, acknowledging that data leaks through screenshots and screen-shares, not just file transfers.

Here's the business angle this desk cares about. The progression in these two grants — from files to endpoints to video — is the product story of the whole DLP market: the set of surfaces to inspect keeps expanding, because the ways people move data keep expanding. Every new work pattern (remote screen-shares, AI copy-paste, mobile) opens a new leak path, and each one is a reason to expand the DLP footprint. That expanding surface is what turns DLP from a one-time purchase into recurring, growing demand.

The honest caveat: DLP is famously noisy, and a patent on an inspection method is not a guarantee of low false positives. The grants describe how detection and enforcement work, not how accurate they are in production. Buyers should read the mechanism as a capability claim, not a quality claim.

The grounded read: DLP is content inspection plus policy enforcement at a control point. When a vendor adds a new "DLP for X," what's really changing is the control point — a new surface to inspect. These two grants name two of those surfaces explicitly, and the direction they point is the same one the market is buying: cover every place data can move.

How Data Loss Prevention Works, Read Through Zscaler and Netskope Patents