This can happen if the 'Where' clause name matches a word on Symantec DLP's stopword list.

For Example:

If the word in your 'Where' clause happens to be "It" as in  'Where Department contains any of "It"' then an incident for this policy will never be generated due to the same word "it" being in our stopword list.

This list can be found in Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\stopwords on the Detection Server. 

SOLUTION

• change the name you are using in the 'Where' clause to be something other than a word found in our stopword list
• remove the stopword that matches your 'Where clause

If you remove the stopword then you have to also do the following;

1. Save the file
2. restart the Detection Server service

Additionally, DGM's behave just like EDM in that spaces are not permitted as the field will be parsed and the two words will be seen as separate words, not part of the same phrase.  For example, if the "Where" clause happens to contain a name with a space in it such as "Sales Department", then the DGM will only be looking for "Sales" only and will not generate an Incident.  The solution for this is to change the data for the DGM to include an underscore, change the where clause and reindex the DGM.