<![CDATA[In today’s digital era, the leakage of sensitive information has become a serious threat for both individuals and organizations, especially when data is not adequately protected. To address this issue, a system is required that not only detects the presence of sensitive data but also protects it effectively. This study develops a Data Loss Prevention (DLP) system that integrates sensitive data pattern detection using regular expressions (regex) with Format-Preserving Encryption (FPE) techniques to safeguard sensitive information in digital documents. The system is designed to identify data patterns such as national ID numbers (NIK), tax identification numbers (NPWP), phone numbers, email addresses, and bank account numbers using regex, and then encrypt the detected data without altering its original format. The test data used in this research consists of synthetic datasets that resemble real-world data. The encryption process employs the FF3 algorithm with a deterministic approach tailored to each data type to maintain system compatibility. The evaluation covers detection effectiveness using precision, recall, and F1-score metrics, as well as encryption efficiency and security through processing time measurements and entropy values. The evaluation results indicate a detection accuracy of 94.1%, precision of 100%, recall of 88.8%, and an F1-score of 94.1%. The average encryption time per document is only 0.15 milliseconds, while the encryption process successfully increases the document entropy by 0.0645 bits. This system demonstrates stable and reliable performance in detecting and protecting sensitive information without disrupting data structure or operational processes.]]>
