A method for mitigating false positive type errors while applying an information leak prevention policy, the method comprising the computer implemented steps of: defining at least one positive criterion for a positive set, wherein the positive criterion comprises at least one indicator of a possible breach of the information leak prevention policy; defining at least one negative criterion for a negative set, wherein the negative criterion comprises at least one indicator of benign traffic; establishing an ambiguity set in association with an intersection between the positive set and the negative set, such that information items in the intersection enter the ambiguity set; defining at least one ambiguity resolution criterion for resolving the ambiguity; monitoring and analyzing electronic traffic, where each information item in the traffic is searched for matches with the positive set; checking for membership of each item in the positive set in the ambiguity set; resolving ambiguities using one of the ambiguity resolution criterion for each member of the ambiguity set and removing items from the positive set accordingly, and applying information leak prevention policy for all items remaining in the positive set following the removal of items using ones of the ambiguity resolution criteria.