The organization that Chris works for has recently acquired another company. As part of the acquisition, Chris is preparing to address the data that the newly acquired company used, including setting up rules to handle it in his data loss prevention (DLP) system. What step is commonly required prior to data being protected by a DLP system?

DLP systems often rely on classification, tagging, and metadata to help them identify sensitive data that the organization handles and which could be exfiltrated or sent inadvertently outside of the organization. Hashing and creating signatures is more commonly associated with filesystem-monitoring tools. Encrypting the data is not required by a DLP and may actually make it harder for the DLP to identify the data. Applying a mandatory access control scheme to the data is not a typical step in preparing for DLP-based protection.