Organizations invest a lot of effort in guarding their sensitive information and intellectual property. They implement data leakage controls, they lock USB storage devices or file uploads to the internet. But they also grant privileges, i.e. exceptions, to such data leakage controls. However, granting these privileges is often solely based on business need. How can organizations establish a privilege management that factors in the inherent data leakage risk? That in mind, this presentation provides a new approach on how to enhance privilege management. It demonstrates that risk-based privilege management can be an invaluable addition when it comes to protecting sensitive information and intellectual property. '