Juliee,
I am ot a Websense guru, so you will need to ask them.
When creating ANY Web Prevent event, does DLP it have the username in the incident?
If you do not see a username like (WINNT:\\someing\username) or something like that, it means that the proxy does NOT require user authentication. Which means the Proxy is not providing any information on WHO created the Web Event.
All you see is an IP address.
If there is NO username in the Web prevent events, that means there is no way to match based on an AD user... hence the policy will not work.
Overall you will need to configure the Proxy to require the user authenticate in order to get access to the outside world
I did a quick search for User Authentication..
https://www.websense.com/content/support/library/web/hosted/getting_started/enduser_auth.aspx
https://www.websense.com/content/support/library/web/v80/triton_web_help/user_id_explain.aspx
Good Luck,
Ronak
PLEASE MARKED SOLVED WHEN POSSIIBLE