Hi Cheryl, I wanted to take a crack at your questions:
1. Have you rolled out any of the Acceptable Use rules/policies?
In the DLP implementations I've done, the AU rules/policies haven't been turned on at all, or, if they have been turned on, the number of matches has been set very high and it's been an audit-only policy. Foul language, improper/inappropriate Web surfing, etc. are so common that they'd likely crowd out all other types of incidents and policy violations.
2. Have you rolled out Endpoint and are you blocking users from copying data to removable media or are you just notifying the user that they have potentially violated one of the data leakage policies and that they need to use care?
I recommend the latter initially, to help condition users and to baseline the scope of your problem(s). Then, once users are aware of the ability and functionality, you might begin enabling the prevention/blocking on select user groups within the organizations (i.e., most tech-savvy users, or users handling most sensitive data, etc.).
Hope this helps!
--
Sean Steele, CISSP, CISA
Sr. Security Consultant
infoLock Technologies
877.610.5625 x219 direct
202.270.8672 mobile
ssteele@infolocktech.com