Navigating privacy in a data-driven world with Microsoft Priva
Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.1 More than ever, people have a high awareness of their privacy, their digital footprint, and, most importantly, how the organizations they work with treat both. According to Gartner®, by the end of 2024, three-quarters of the world’s population will have personal data covered by modern privacy regulation.2 People exercise their privacy rights either explicitly, through actions like subject rights requests, or implicitly, through declining to do business with organizations that they do not trust. For organizations committed to respecting the privacy rights of individuals, it can be challenging to implement requirements and controls needed to meet data privacy needs.
Microsoft respects the vital role that privacy plays with customers. We provide solutions that help organizations meet their privacy obligations, and today we are excited to announce enhancements to Microsoft Priva.
Microsoft Priva
Protect personal data, automate risk mitigation, and manage subject rights requests at scale.
How can Microsoft Priva help?
Microsoft Priva brings automated functionality to help organizations meet adapting privacy requirements related to personal data. Today, Microsoft Priva offers two solutions:
Microsoft Priva Privacy Risk Management
Microsoft Priva Privacy Risk Management helps organizations manage privacy risks related to data hoarding, data overexposure, and data transfers, and empowers employees to make better data-handling decisions. Priva Privacy Risk Management supports organizations by:
- Identifying personal data and privacy risks: It allows organizations to leverage auto-classification technology to identify more than 308 personal data types in the Microsoft 365 environment, with no configuration needed. Admins can see personal data by location, geography, and types. In addition to helping organizations know their personal data landscape, Microsoft Priva also detects the associated risks around personal data and gives admins actionable insights.
- Automating mitigation and preventing privacy incidents: Organizations can create policies from pre-configured templates to automate privacy risk mitigation:
- Data minimization: Helps detect unused personal data, send users email digests to review and delete obsolete items, and provides privacy training to reduce data hoarding.
- Data transfer: Helps detect personal data movements between customizable boundaries, such as geography or departments, and blocks risky transfers in near real time.
- Data overexposure: Helps detect personal data overshare, informs file owners to review and adjust access, and provides privacy training to reduce overexposure incidents.
- Empowering employees to make smart data-handling decisions: Admins can configure Priva to help employees make better data-handling decisions, as no one knows the value of their files more than the data owner. Microsoft Priva can trigger a system-generated email or Microsoft Teams message to a data owner with recommended actions and privacy best practices—right in their flow of work.
Microsoft Priva Subject Rights Requests
Depending on where you are in the world today, there will be varying privacy regulations that impact your business, and even if you’re not impacted much today, chances are that it’s a matter of time before they are enabled. Many of these privacy regulations empower people to exercise their rights over their data, requesting that the organizations they do business with or work for provide a log of all personal data collected. For organizations, the process of completing subject rights requests can be a manual, complex, time-consuming, and expensive process, that is also time bound. Microsoft Priva Subject Rights Requests help organizations manage requests at scale and with confidence by:
- Automating discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
- In-place review and secure collaboration: Review and redact files located in the live system in their native views without creating duplicate copies and bring collaboration to a protected platform.
- Ecosystem integration: Plugs into organizations existing processes to manage requests in a unified way across digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.
Enhancements to Microsoft Priva
Updates to Microsoft Priva include added customization, better insights, easier collaboration, powerful review options, and so much more.
What’s new with Microsoft Priva Privacy Risk Management?
Deeper data viewpoints
The data minimization policy in Privacy Risk Management has been a highly resonating privacy scenario. With this update of day zero insights, admins will be able to view data minimization policy insights 72 hours after starting Priva, with a view of data up to the past 90 days. Previously, customers would have waited at least 30 days to catch policy matches. With a better history of data, privacy admins can understand privacy trends better, and use these data points to strategize the best approach for their organizations.
Better together integration
Microsoft Purview Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Now available is Microsoft Priva working hand-in-hand with Compliance Manager. With this update, admins can take specific actions within Microsoft Priva that achieve points that count toward assessment completion and increase the overall compliance score. Examples of actions that can detect and provide credit include admins setting up a Privacy Risk Management policy, or enabling data retention limits for a subject rights request—prompting collaboration that yields better together productivity.
Figure 1. Visual of Compliance Manager recognizing actions taken within the Priva solution in the “improvement actions” section of Compliance Manager.
Additionally, insights from Compliance Manager will now populate within Priva itself. This update brings recommendations on actions that will help admins align to regulations and improve their score in Compliance Manager.
What’s new with Microsoft Priva Subject Rights Requests?
Fulfill more request types
Many regulations, including General Data Protection Regulation and California Consumer Privacy Act include the right to be forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. Today, we are excited to share that Priva Subject Rights Requests delete is now generally available—admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion (leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management). This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access the reports tab where they can view their summary report and review results.
Figure 2. Stage three of five of a delete subject rights requests in progress within the Priva Subject Rights Request solution.
Watch this short video to see Priva Subject Rights Requests delete in action.
Learn more
As the data protection landscape continues to shift, many organizations are working to prioritize the privacy needs of a data-driven world. We welcome you to learn more about how Microsoft Priva can help and invite you to try Microsoft Priva free today.
Visit our latest Tech Community Priva blog for additional Microsoft Priva updates and details.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
1From Privacy Vulnerability to Privacy Resilience, Microsoft. August 2022.
2Gartner®State of Privacy: The Privacy Tech Driving a New Age of Data Wealth. August 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.