Sensitive files that match incidents that still exist in DLP are disappearing from filers in Data Insight.
The report being used in Data Insight to pull in sensitive file information from DLP has a date range as one of the criteria.
For instance, if the report being used only looks back 90 days, older sensitive files based on the report will disappear from Data Insight day by day.
To determine which report is being used by Data Insight to pull incident data from DLP, obtain the Report ID from the Data Insight interface and run the query below against the protect database as the protect user where the Report ID in Data Insight is <report ID>.
SELECT Name, Description, Permission, Action, ModifyDate, DefaultDisplayinNav FROM Report WHERE ReportID=<report ID>
The query will return the name of the report being used in Data Insight which can then be found in the list of DLP Incident Reports.
If the word "PRIVATE" is returned, the report belongs to the DLP default Administrator account and the user will need to log in to Enforce as Administrator to see it.
Change which report is being used by Data Insight to pull incident data from DLP or edit the existing report to meet current business needs.