The fastest way to protect documents from leaving NetDocuments—without affecting anything until you’re ready.
DLP (Data Loss Prevention) lets you block downloads, email copies, syncing, and other ways documents can leave NetDocuments. The problem is most firms that have DLP never configure it because they don’t know where to start.
Here’s the simplest approach: create a profile attribute that triggers DLP when set to “Yes.” Nothing gets protected until you explicitly mark a document. No risk of locking anyone out by accident.
The Setup (5 Minutes)
Scenario: I have decided not to leave documents with Financial Information in the NetDocuments Repository. I am going to create a Profile Attribute called Confidential. When I am in a Document and edit the profile attribute confidential to say “Yes,” The Policy should be applied.
Step 1: Create a Profile Attribute called Confidential
Go to Admin → Repository Administration → Profile Attributes. Create a new attribute called “Confidential” (or “Protect” or “Restricted”—whatever makes sense for your firm). Check “Use Lookup Table” and save.
Step 2: Create a Value in the Table Called Yes
Step 3: Add that Profile Attribute to the Cabinet you want to use.
Step 4: Under Data Protection/DLP, choose the Profile Attribute Confidential
Step 5: Click Go to lookup table
Step 6: Open up the Yes Value
Step 7: Under DLP Policy, choose the Policy you want to implement
Note: NoSystemDownloads is a built-in policy you get when you add DLP to NetDocuments.
What happens when this DLP Policy is enabled
I have applied this policy to a PDF document containing financial information by changing the Confidential value to Yes.
When I attempt to save the Document Locally, it prevents me from doing so:
When I attempt to use More –> Download, it prevents me:
When I open up the document, it will go into my Echo folder.
However, when I close it, it disappears immediately.
When I attempt to use Email Copy, it will be prevented:
When I sync the Item using ndSync it will not show up on my PC.
Why This Approach Works
- Nothing changes until you act — Documents aren’t protected until someone sets the attribute
- No user training required — Users don’t need to learn classifiers or labels
- Easy to test — Try it on one document before rolling out firm-wide
- Flexible — You can later tie DLP to existing attributes like Client or Matter Type instead of a manual flag
Other Options
This isn’t the only way to implement DLP. You can also:
- Apply a policy to an entire cabinet (everything gets protected automatically)
- Tie DLP to existing profile attributes (e.g., all “Medical Records” doc types get protected)
- Use classifiers if you want users to manually tag sensitivity levels
But the profile attribute method above is the safest starting point—you can always expand from there.
Don’t Have DLP?
Check Admin → Security Center. If “Data Loss Prevention” is grayed out, you don’t have it licensed. DLP is part of the NetDocuments Protect package. Contact your NetDocuments rep or reach out to us if you need help getting it added.
Need help configuring DLP? Contact Optiable — we’ve implemented NetDocuments at over 550 law firms and can get your DLP running in a single session.