DLP Controls

Data Loss Prevention (DLP) controls help prevent accidental or intentional exposure of sensitive data through Fp Switchboard tools.

Overview

DLP in Fp Switchboard works by:

1. Scanning tool inputs for sensitive data patterns
2. Scanning tool outputs before returning to the AI
3. Taking action based on your configured rules

PII Detection

Social Security Numbers, credit cards, phone numbers

Secrets Detection

API keys, passwords, tokens

Custom Patterns

Regex patterns for your industry or company

Keyword Blocking

Block specific terms or phrases

Enabling DLP

1. Go to Admin → DLP Settings

   Navigate to switchboard.fpdigital.ai/admin/dlp

2. Enable DLP scanning

3. Select detection categories

4. Configure actions

5. Save and activate

Detection Categories

Built-in Detectors

Category	Examples	Default Action
SSN	123-45-6789	Redact
Credit Card	4111-1111-1111-1111	Block
Phone Number	(555) 123-4567	Log
Email Address	user@domain.com	Log
API Key	sk_live_xxx, AKIA…	Redact
Password	password=, pwd:	Block

Custom Patterns

Add your own regex patterns:

name: "Internal Project Codes"
pattern: "PROJ-[A-Z]{3}-\d{4}"
action: notify
description: "Detected internal project code"

Keyword Lists

Block or flag specific terms:

name: "Confidential Terms"
keywords:
  - "confidential"
  - "internal only"
  - "do not share"
action: notify

DLP Actions

Action	Behavior
Block	Prevents the tool call entirely
Redact	Replaces sensitive data with [REDACTED]
Notify	Allows but alerts admins
Log	Allows with enhanced audit logging

Tip

Start with Notify or Log to understand what’s being detected before enabling Block or Redact.

Configuring Actions by Context

Different actions for inputs vs outputs:

detector: credit_card
input_action: block      # Don't let AI send credit card numbers
output_action: redact    # Redact if they appear in results

Exemptions

User Exemptions

Some users may need to work with sensitive data:

exemptions:
  users:
    - finance@company.com
    - hr@company.com
  detectors:
    - ssn
    - credit_card

Tool Exemptions

Some tools legitimately need access:

exemptions:
  tools:
    - quickbooks_create_invoice
    - hubspot_create_contact
  detectors:
    - phone_number
    - email

DLP Reports

View DLP activity in Admin → DLP Reports:

• Detection Summary — What types of data are being detected
• Trend Analysis — Are detections increasing over time?
• User Breakdown — Which users trigger the most detections
• False Positives — Review and tune your detectors

Fine-Tuning Detectors

Reducing False Positives

If a detector triggers too often on non-sensitive data:

1. Review the detection log
2. Add exclusion patterns
3. Adjust confidence thresholds

detector: phone_number
min_confidence: 0.8
exclusions:
  - "555-"  # Fictional phone numbers

Custom Confidence

Some patterns have confidence scores. Set minimum thresholds:

detector: credit_card
min_confidence: 0.95  # High confidence required
action: block

Compliance Integration

DLP logs integrate with your compliance requirements:

• HIPAA — PHI detection and logging
• PCI-DSS — Credit card data protection
• GDPR — Personal data tracking
• SOC 2 — Audit trail for sensitive data access

See Compliance for detailed compliance features.

Best Practices

1. Audit before blocking — Use notify/log first
2. Document exemptions — Explain why certain users/tools are exempt
3. Review weekly — Check for new patterns or false positives
4. Train users — Explain what triggers DLP and why
5. Test thoroughly — Verify DLP works as expected with test data