The growth in volume of digital information arising from business activities presents organisations with the increasingly difficult challenge of protecting their information assets. Failure to protect such information opens up a range of new business risks. The increase in externally hosted services and social networking tools also adds a new layer of complication to achieving information protection. Prior research has recognised the need for a socio-organisational view of information protection, shifting the emphasis from a narrowly defined technical concern to an enterprise-wide, business-led responsibility encompassing strategic and governance issues. We argue that this shift is important but not enough and that greater attention should be given to understanding the nature and complexities of digital business information. In this paper we examine the extent to which existing frameworks for information protection are structured to account for changes in the information environment. Our findings indicate that whilst these frameworks address the need to adopt a broader social and organisational perspective there remain a number of significant limitations in terms of the way the information is treated. To address these limitations we propose a more co-ordinated and information-centric approach to information protection.