Data loss prevention (DLP) is a security mechanism that helps prevent sensitive data from being unduly shared, misused, lost, or accessed by unauthorized users. The Data Loss Prevention App works best with the most recent version of Rocket.Chat.
This app can also work in a fully air-gapped environment. Follow the Air-gapped app installation guide and continue with the configuration instructions below.
Installing the Data Loss Prevention app
To install the Data Loss Prevention app,
- Navigate to Administration > Workspace > Apps > Marketplace. 
- Search for the Data Loss Protection app. 
- Click Install. 
Configuring the Data Loss Prevention app
After installing the app, you need to configure the rule set for its functionality.
To configure DLP,
- On the DLP App Info screen, navigate to Settings. Configure the following settings as needed: - Rules for Blacklisting message: Takes in an array of regular expressions defining the rules. Add each Regular Expression on a new line. 
- Moderator Channel: Specify the channel to which all blacklisted messages will be forwarded. From there, the channel moderators can either - Approveor- Rejectthe message. e.g.- general
- Content control type: Choose to ignore channels or select targeted channels to monitor. 
- Channels: List channels separated by commas to apply the Channel Filter rule. 
- Censor only Sensitive Information: If enabled, only the sensitive information is replaced by multiple hashtags (######) 
- Custom Blacklisted Message title: Set the title of a temporal message that replaces the blacklisted message pending when it gets approved by the moderator. 
- Custom Pending approval message: Set the temporal message that replaces the blacklisted message pending when it gets approved by the moderator. Click More info button under the blacklisted message in the room to see it. 
- Custom Rejected Message: This message is displayed in place of the blacklisted message when a moderator rejects a blacklisted message. 
 
- Click Save Changes. 
- Navigate to Administration > Workspace > Settings > Message. - Enable Allow Custom Fields in Messages. 
- Update Custom Fields Validation with the rule defined below: - { "properties": { "dlpMessage": { "type": "object", "nullable": true } } }
 
- Click Save Changes. The Data Loss Prevention App is ready and functional on your workspace. 
Read the Data Loss Prevention user guide to know more about using the DLP app.
Through DLP features, admins can create a list of regular expressions to be monitored in Rocket.Chat, and you can apply it to any conversation. Once a regular expression is detected, it appears blurred in the room where it was originally written. The original message is forwarded to a predefined channel for auditing flow, where a moderator can approve or reject its content. Rooms can have more than one moderator. It’s also possible to select the rooms to apply the DLP app. If you have channels on your workspace where sensitive information is frequently shared or data leak is more likely to happen, e.g., the finance team channel, you can restrict this channel.