We all know where the data starts from, but where does it end? Asif Effendi and his roundtable participants pondered this question at the start of their Data Loss Prevention (DLP) discussion. The answer varies depending on what type of organization the data originates from as well as what regulations are placed upon the data itself. Regulated data is a cause of great concern among security executives because of how it must be secured and reported. However, other types of data are equally important and can have more impact than we realize. Can we, then, know all of the data that we have? The participants were unanimous in stating we cannot and therefore cannot protect everything. However, security teams will still need to find a way to classify data and collaborate with the different teams who interact with it. Once security teams know the implications behind what data is important and what it would mean if it was stolen or shared irresponsibly, then they can decide how much protection is necessary to secure it. The group also discussed how GDPR and other regulations on consumer data are affecting how the U.S. handles similar data, with motions like the California Consumer Privacy Act coming to fruition. In the end, we must continue to monitor the changing environment of data and what needs to be protected. The group realized that there are no good tools—automated or otherwise—that can protect data no matter what. Past DLP tools have been heavy and difficult to manage, so it’s up to security teams to continuously protect data by collaborating with others, integrating necessary solutions, and discussing business risk with business management. Organizations must also keep teams trained continuously on data protection, so it becomes part of the business fabric on every level.