How do collaboration systems ensure data loss prevention (DLP) and regulatory compliance?

• A. Content scanning, policy-based controls, retention and eDiscovery, encryption at rest/in transit, and access auditing
• B. Relying solely on user training and awareness
• C. Logging only when a security incident occurs
• D. Disabling retention policies to avoid overhead

Answer: (A)

A layered approach to data loss prevention and regulatory compliance in collaboration systems combines content scanning, policy-based controls, retention and eDiscovery, encryption at rest and in transit, and access auditing. Content scanning identifies sensitive information as it moves or is stored, enabling automated enforcement actions. Policy-based controls let admins define rules that automatically block, quarantine, warn, or require additional approvals for risky actions, ensuring consistent protection across users and devices. Retention policies and eDiscovery ensure data is kept according to regulatory timelines and can be efficiently located for legal requests or audits. Encryption protects data both when it’s stored and when it’s sent over networks, so even if data is intercepted or accessed without authorization, its content remains unread. Access auditing provides a detailed record of who accessed what data and when, supporting investigations, accountability, and compliance reporting. This combination is much more effective than relying on user training alone, which gaps can occur; logging only after incidents misses ongoing policy violations; or disabling retention policies, which would undermine legal holds and regulatory requirements.