It is not uncommon these days to come across security incidents involving sensitive data. Most researchers and practitioners view insider threats as a major organizational problem. ‘Insider’ refers to an individual who is officially empowered to access ICT infrastructure in an organization and one who knows the value of the information. Preventing data leakage is challenging since the insider’s lack of awareness about the information’s potential value can be manipulated by other parties. The second issue involves a lapse of security by individuals who are in the know about protecting their systems but fail to do so. To overcome this deficiency, a data leakage (loss) prevention system (DLPSs) was introduced and is currently considered as the leading information leakage protection system. However, since the most cumulative research in information security agrees that security appliances are not the magic bullet solution but rather a diagnostic tool for security threats; hence, it cannot cure the root cause. Thus, this study intends to identify and analyze the possibility of information leaks influenced by human factors and controlling processes, especially leakage to data-in-use. Both the qualitative and quantitative methods are used in this study. A case study will be carried out at a public sector agency that is currently implementing DLP to determine the current phenomena pertaining to these issues. The outcome of this study is to propose a data leakage protection model for data in-use. This proposed model might contribute pertinent knowledge to the industry, academicians or people who are interested in this domain so that appropriate processes are applied to protect data leakage. The proposed model can also be used as a reference and guideline when implementing the DLP system in their organizations.