The information structure of a given company before the adaption of a DLP solution is, quite frankly, often a mess. Documents are created with sensitive data in every sector of the system, read-and-write rules are set up in a random fashion based on the whim of a system administrator that worked there nearly a decade ago, and so on. This is understandable, of course, as the employees are not trained in proper information security, and the system security is focused on defending the perimeter from the outside.