Abstract: A computer-implemented method, implemented by one or more computers including hardware and software. The method includes determining whether a computer system contains data subject to a protection policy; in response to a determination that the computer system contains data or information subject to said protection policy, determining whether the data is already subject to protection according to said protection policy; and in response to said determining, that the computer system contains data or information that is not already subject to protection according to said protection policy, applying or implementing the protection policy on the data or information.