In general, performance module 112 may tag the data object and then allow the data object to be written to the file system, network, and/or operating system clipboard, after which the data object may be prevented from leaking outside of a corresponding organization or enterprise at a further or different layer of filters, interceptors, and/or checkpoints (which may reference the tag to determine that the data object should not be permitted to be transmitted outside of the organization). Similarly, in some examples the application may write or transmit the data object to another application. In these examples, the new target application, such as application 250, may inherit the classification of the source application, such as application 230 (i.e., if the source application was flagged as having accessed sensitive data then the target application receiving the data object may be flagged too in a parallel manner).

In further examples, the attempt to output the data object may trigger one or more attempts to convert the data object from the obfuscated format to a computer-readable format, such as by performing optical character recognition. Upon performing optical character recognition, the data loss prevention system may then proceed as if the underlying text had been extracted from a conventional document file. In other examples, detecting the presence of sensitive data within a multimedia or obfuscated format may trigger or indicate a notification that a user potentially intended to circumvent the data loss prevention system and leak sensitive data.