Microsoft Priva Privacy Risk Management
Privacy is top of mind for organizations and consumers today, and concerns about how private data is handled are steadily increasing. Regulations and laws such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) impact people around the world, setting rules for how organizations store personal data and giving people rights to manage personal data collected by an organization.
To meet regulatory requirements and build customer trust, organizations need to take a “privacy by default” stance. Rather than manual processes and a patchwork of tools, organizations need a comprehensive solution to address common challenges such as:
- Protecting the increasing amounts of unstructured data from privacy issues arising from human error
- Helping employees adopt sound data handling practices and training them to spot and fix issues
- Understanding the potential risks in the amount and type of personal data they store and share
- Fulfilling data subject requests, or subject rights requests, efficiently and on time
How Priva helps your organization
Priva provides capabilities that help you:
- Proactively identify and protect against privacy risks such as data hoarding, problematic data transfers, and data oversharing
- Gain visibility into the storage and movement of personal data
- Empower employees to make smart data handling decisions
- Enable users to effectively manage data and take steps to comply with evolving privacy regulations
- Manage subject rights requests at scale
Priva’s capabilities are available through two solutions: Priva Privacy Risk Management, which provides visibility into your organization’s data and policy templates for reducing risks; and Priva Subject Rights Requests, which provides automation and workflow tools for fulfilling data requests. You can choose to purchase one or both modules to suit your organization’s needs. Learn more about Priva solutions.
Find and visualize personal data
Understanding your privacy posture starts with having a thorough understanding of what content your organization is storing in Microsoft 365 that contains personal data, where it lives across the services you use, and the conditions under which it’s managed. Priva helps organizations discover personal data automatically and provides key analytics and insights to admins to help them understand the privacy issues and associated risks in their organization. The solution evaluates where personal data in your organization is stored, how this data flows, and how personal data trends over time.
These insights are presented within your Overview dashboard, which provides automatic updates about your data with important trends, and the data profile, which allows you to explore ongoing analytics. These insights help you understand privacy issues in your organization and identify actions to remediate them.
To learn more, see Find and visualize personal data in Priva.
Manage privacy risks at scale
Complex data environments can present potentially risky scenarios for personal data. Priva Privacy Risk Management provides tools to detect these risks, establish policies and processes for remediation, and directly notify your users about issues and recommended actions to take. In this way you can inform and educate your users, along with enabling them to handle risk mitigation within tools they use every day. This can make a lasting, positive change in your organization’s privacy behaviors.
Priva provides built-in, customizable templates for establishing ongoing policies tailored to these scenarios:
- Overexposed personal data: Discover open and over-privileged personal data in your organization and prioritize remediation efforts to secure data. Easily manage access rights to this data to protect privacy and prevent inappropriate use.
- Data transfers: Detect and manage transfers of personal data between departments in your organization or across country or regional borders. This can help reduce the risk of data exposure, or of falling out of compliance with privacy regulations and laws.
- Data minimization: Identify personal data that doesn’t need to be retained and prioritize remediation efforts to delete this data.
Once policies are set up, you can evaluate your data on an ongoing basis, receive alerts when policy matches are detected, and set up email notifications to your users about recommended remediation steps and training about best practices.
To learn more, see Create policies in Privacy Risk Management.
Efficiently fulfill personal data requests
Certain privacy regulations around the world allow individuals, also referred to as data subjects, to make requests to review or manage personal data about themselves that companies have collected. For companies that store large amounts of unstructured information, finding the relevant data can be a formidable task.
Priva Subject Rights Requests provides you with the capability to automate data subject rights fulfillment with easy access to relevant data and customizable workflows that fit into existing business processes. When you search for data related to an individual, our subject rights request solution will automatically collect data from throughout your Microsoft 365 environment and help you to review the findings and produce reports. You can securely collaborate with multiple people in your organization to complete requests. You can also customize your workflows based on your business processes with built-in templates.
To learn more, see Learn about Priva Subject Rights Requests.
How Priva works with Microsoft Purview risk and compliance solutions
Microsoft Purview Compliance Manager
Priva can work hand in hand with Microsoft Purview Compliance Manager, which offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Based on the assessments you build with these templates, Compliance Manager can help you understand what steps to take to meet your organization’s regulatory requirements. Taking steps in Priva to protect the personal data you store can contribute to your privacy assessments in Compliance Manager and can help improve your compliance score.
In preview: By taking specific actions in Priva, you can achieve points that count toward assessment completion and increase your overall compliance score. Examples of actions that Compliance Manager can monitor and give you credit for include setting up a Privacy Risk Management policy and enabling data retention limits for subject rights requests. Compliance Manager automatically detects whether you’ve completed the actions and awards points that contribute to your compliance score. Learn more about automatic testing of improvement actions.
- To access Compliance Manager: Users who hold a Priva role won’t automatically have the necessary role to access and work in Compliance Manager. See permissions and roles needed for Compliance Manager and talk to your IT admin if you need to be assigned a role.
- To find Priva actions in Compliance Manager: In Compliance Manager, go to the Improvement actions tab. On the Solutions filter, select “Priva Privacy Risk Management” and “Priva Subject Rights Requests.”
Microsoft Purview Data Loss Prevention
Microsoft Purview Data Loss Prevention (DLP) provides robust capabilities to help prevent the unintentional sharing of sensitive items outside of an organization. Priva can extend this protection by delivering insights unique to your organization and empowering your users to address risks right away. For example, when you use Privacy Risk Management to detect transfers of personal data outside of your organization or between certain departments, users can receive email notifications with remediation actions right in the email. Get more details about user email notifications in Privacy Risk Management.
How and where Priva identifies items with personal data
Personal data is typically information related to a living person that can be used to identify that person. It may be a data type that can directly identify the individual, such as a name, passport number, social security number, and so on, or a combination of different data types that can be used to identify the individual. The definition of personal data or personal information may vary under applicable law, so make sure you understand the types of data for which you have legal obligations.
Priva uses foundational capabilities of Microsoft 365 to help you identify these personal data types based on your settings, through the use of sensitive information types (SITs). To review the list of all defined sensitive information types, see Sensitive information type entity definitions. Organizations that create custom SITs can use those SITs in Priva.
Priva evaluates your organization’s data stored in the following Microsoft 365 services within your Microsoft 365 tenant:
- Exchange Online
- SharePoint Online
- OneDrive for Business
- Microsoft Teams
Priva evaluates only data within your organization’s Microsoft 365 environment. It does not access personal data that isn’t part of the organization’s Microsoft 365 environment. For example, it doesn’t access a user’s personal Microsoft 365 account.