That would make DLP an exact fit for you.
What DLP does is monitor and control who uses your data and ensurres that confidential data doesn't leave their computers or the corporate network.
It protects data in 3 places:
Data in motion - this monitors data flowing throughout the actual network and blocks confidential data from leaving the corporate network at the Internet edge. It can allow this data to go to trusted partners, but block it from going to a public forum. It can also control what can be sent through the corporate mail server based on the sender, the recepient, attachments, etc.
Data at rest - this monitors and protects data on your SAN/NAS. It makes sure that data that's confidential is stored in proper places and has proper encryption and protection. It can also assign owners and controls to individual files and folders.
Endpoint - this monitors all types of data on users' computers. It ensures that users can't copy confidential information onto CDs or flash drives, post information to webpages (http and https) and monitor all other flows of data going out of the PC.
That's just a brief overview, I hope it helps!