It varies by the DLP technology used, but in general terms a method of identifying information is applied to an information transport or storage point, and if the information is detected, a policy enforcement capability is invoked. DLP mostly relies on a mixture of regular expression-based string matching, file watermarks, meta-data matching, transport type, conceptual (lexicon based), fingerprinting analysis, and storage point/type based logic to identify the data that should be protected and what the desired enforcement of the configured policy is. DLP solutions often use content awareness and contextual analysis to determine when there are potential incidents.