We have been leveraging the inline DLP policies for over a year, and have struggled to “tune” the policies for false positives for PCI, PII, GLBA rules. 

Curious for feedback from the community no how you tune your rules/classifier etc to weed out false positives.. 

Our current route/solution we are looking at is excluding “sites” that generate the majority of the false positive hits. 

Example: Walmart is notorious for flagging carts with Names of brands next to the item number for SSN & US Names..

Any and all feedback is welcome - thank you so much in advance!!