Data Privacy and Security Information Sheet:
Proofpoint Insider Threat Management

The purpose of this document is to provide customers of Proofpoint’s Insider Threat Management (ITM) with the information necessary to assess how the product can support and enhance their data privacy strategy.

Insider Threat Management – Product Statement

The growth in remote work from anywhere and everywhere has redefined the security perimeter to one based on people, increasing the risk of insider-led data loss for organizations. At the same time, the frequency and volume of insider threats keeps rising, placing a significant burden on security teams to keep pace.

Proofpoint’s ITM solution runs on the cloud-native Information and Cloud Security Platform (“Platform”). It provides visibility, context, and analysis to help security teams quickly detect and prevent insider-led data breaches, while accelerating incident investigations and response to mitigate damage. Endpoint DLP, a subset of ITM, focuses on the detection and prevention of risky file activity by everyday users while ITM focuses on identifying and monitoring the riskiest users.

Information Processed by Proofpoint’s Insider Threat Management

ITM filters and processes some personal data elements as users use their organization-issued endpoints to complete their job responsibilities. This is done to protect against insider threats and endpoint data loss. If configured by the Customer, the types of data include:

  • Personal financial information (sometimes known as PCI data) including but not limited to credit card numbers, bank account numbers
  • Personal healthcare information including but not limited to national identifiers, insurance numbers
  • Personal identifiable information (PII) including but not limited to names, email addresses
  • Personal data included on the user’s screen when visual capture is enabled


Customer Access to ITM Data and Privacy Options

Access to ITM data may be controlled by policies set by Customer security administrators. Access can be assigned to specific users and groups. Data is made available to authorized users and groups through the solution’s dashboard.

How Proofpoint Retains Records

Proofpoint customers can select a retention period (30 days, 90 days, 120 days or 366 days) for which the data is retained in the Platform after which the data is securely deleted on a rolling basis.

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site.


Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:

  • Data in transit is protected using HTTPS/TLS.
  • Encryption at rest is accomplished using AES 256 or stronger ciphers.
  • Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
  • Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see
  • Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
  • Proofpoint’s information security program undergoes an annual SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.

© 2023. All rights reserved. The content on this site is intended for informational purposes only.
Last updated September 19, 2022.