1. Data is stored locally on detection servers at the time of capture until it can be shipped to the Oracle DB. That time is usually about .001-5 seconds depending on your network.
2. In the event of a communication failure between any of the detection servers and the Enforce or Oracle database the incidents will be stored locally in a folder called "Incidents" in the installation directory of the product until that connection comes back.
3. Incidents are also stored on the endpoint client until the endpoint client can communicate with the endpoint server and send the incidents up to the endpoint server.
4. Network discovers add on Network Protect and Network Prevent for Email have a "quarantine" that can be setup that can also keep sensitive data in a configured area on your network. Please read the appropriate guide for these options.
It would be helpful in the future to know what modules you have so that we can accurately answer your question. Good luck!