In performing these calculations, flagging module 108 may also weight some sensitive data more heavily than other sensitive data such that a single hit on a more sensitive item of data may increase a running total closer to the threshold more than a single hit on a less sensitive item of data. In these examples, flagging module 108 and/or system 200 as a whole may specify both which items of data constitutes sensitive data that is protected by the data loss prevention system and also specific values or formulas that define weights for one or more of these items of sensitive data. Flagging module 108 may also base the determination of whether to flag the application on a rate of accessing sensitive data over a unit of time (e.g., a duration of time, acceleration, jerk, or other n-order measurement), such as by measuring the rate, acceleration, or jerk against a corresponding threshold.

In one embodiment, the application remains flagged during execution as having accessed the sensitive data until a process corresponding to the application is terminated. In other words, termination of the application may guarantee that the ability of the application to access sensitive data no longer exists such that the application may be trusted again. In other examples, the application may remain flagged until the clearing, blocking, deleting, overwriting, and/or invalidating of one or more areas, units, and/or pages of memory that the application accessed, to which the application possessed access, and/or to which the application wrote the sensitive data. In these examples, the ability of the application to access the sensitive data may expire without the process corresponding to the application also expiring, because the memory location where the sensitive data was stored or accessible has been deleted or otherwise made inaccessible.