Microsoft Priva Subject Rights Requests News and Insights | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/products/microsoft-priva-subject-rights-requests/
Expert coverage of cybersecurity topics
Thu, 12 Sep 2024 21:12:49 +0000

Microsoft Priva announces new solutions to help modernize your privacy program
http://approjects.co.za/?big=en-us/security/blog/2024/04/02/microsoft-priva-announces-new-solutions-to-help-modernize-your-privacy-program/
Tue, 02 Apr 2024 13:00:00 +0000

Today, we are beyond thrilled to announce the expansion of the Microsoft Priva family of products in public preview. These new features bring automated functionality and capabilities to help organizations meet adapting privacy requirements.

The post Microsoft Priva announces new solutions to help modernize your privacy program appeared first on Microsoft Security Blog.

We know managing privacy is harder than ever. The increasing complexity of regulatory requirements and constantly changing regulations make day-to-day privacy management a challenge. Manual, inefficient processes and inflexible tools can make it difficult for organizations to know where data is located and how it’s being used. The Microsoft Priva product portfolio helps organizations meet these challenges and their existing and emerging regulatory obligations.

This week, we are thrilled to announce the expansion of the Microsoft Priva family of products. Microsoft Priva was introduced in 2021 to help organizations navigate the complex world of privacy operations. The expansion of Microsoft Priva brings automated capabilities to help organizations meet adapting privacy requirements related to personal data.

Microsoft Priva

Protect personal data, automate risk mitigation, and manage subject rights requests at scale.


“Understanding and managing privacy is crucial for our clients. Exponential flows of sensitive data and emerging technologies such as generative AI have amplified the need for a strong privacy solution; we are confident in Microsoft’s vision to take on this challenge with Microsoft Priva. The richness of data and activities in Microsoft 365 and Priva’s ability to monitor and action on related workflows allows for a proactive approach to privacy. This capability aligns with our commitment to privacy and data protection, reinforcing our partnership with Microsoft to serve our global clients with solutions that address their privacy management needs.”

—Jon Kessler, Vice President, Information Governance, Epiq Legal Solutions

What will the Priva family address?

In today’s digital landscape, people’s awareness of data privacy has surged to unprecedented levels. Individuals are increasingly aware of the intricate web of data points that define their online existence and how their data is collected and used. This has prompted a collective call for the safeguarding of personal information from unwarranted intrusions and establishing ways for people to take control of their personal data. The public has become more discerning about the need for stringent measures to protect their sensitive data and keep it private. The heightened awareness surrounding individual data privacy rights is not merely a fleeting trend—it’s a fundamental shift in the way society perceives and values the sanctity of personal information.

In response to this evolving landscape, the need to build and maintain customer trust has never been more pronounced. Privacy solutions have emerged to empower organizations to establish transparent and ethical data practices. Building customer trust is about a commitment to empowering individuals to have control over their own data.

Robust privacy solutions are essential for regulatory adherence and in cultivating a culture of transparency, accountability, and respect for user privacy. By embracing more robust privacy solutions, organizations not only fortify their defenses, but they also embark on a journey to forge enduring relationships with their customers—relationships based on mutual trust and data integrity. Beyond regulatory compliance, organizations should use transparent data practices to gain deeper insights into customer preferences, behaviors, and trends. This managed data can become a strategic asset—enabling more informed decision-making, delivering targeted marketing to customers who’ve consented to receive it, and developing personalized services. Prioritizing privacy is not just a legal necessity but a pathway to extracting meaningful and sustainable value from the wealth of data at an organization’s disposal.

Microsoft Priva is here to help your organization meet privacy and compliance requirements

Organizations must mitigate risk for privacy non-compliance and be ready for new and emerging regulations. They need an end-to-end solution that helps them oversee and establish privacy protocols across their entire organization. Microsoft Priva solutions support privacy operations across entire data estates—paving quick and cost-effective paths to meet privacy regulations and avoid the risks of non-compliance. With the Microsoft Priva family, organizations can automate the management, definition, and tracking of privacy procedures at scale to ensure personal data stays private, secure, and compliant with regulations. Let’s take a quick look at each member of the family.

Microsoft Priva Privacy Assessments

Build the foundation of your privacy posture with Microsoft Priva Privacy Assessments—a solution that automates the discovery, documentation, and evaluation of personal data use across your entire data estate. Automate privacy assessments and build a complete compliance record for the responsible use of personal data. Embed your custom privacy risk framework into each assessment to programmatically identify the factors contributing to privacy risk. Lower organizational risk and build trust with your data subjects. Priva Privacy Assessments help at any stage of the privacy journey, enabling you to fully utilize your company’s data while ensuring its proper use.

Key features

  • Automate the creation of privacy assessments: Discover and document personal data usage across your data estate through easily created custom assessments.
  • Monitor personal data usage: Automate monitoring for changes in data processing activities that require privacy compliance actions.
  • Evaluate privacy risks: Design a personalized privacy risk framework and use automated risk analysis based on the data usage information obtained from a privacy assessment.

Microsoft Priva Privacy Risk Management

Microsoft Priva Privacy Risk Management is here to empower you to simplify the identification of unstructured personal data usage. Priva Privacy Risk Management enables you to automate risk mitigation through easily definable policies that conform to your specific needs. It can also help you build a privacy-resilient workplace by identifying personal data and critical privacy risks around it, automating risk mitigation to prevent privacy incidents, and empowering employees to make smart data handling decisions.

Key features

  • Identify personal data and critical privacy risks: Gain visibility into your personal data and associated privacy risks arising from overexposure, hoarding, and transfers with automated data discovery, user mapping intelligence, and correlated signals.
  • Automate risk mitigation and prevent privacy incidents: Effectively mitigate privacy risks and prevent privacy incidents with automated policies and recommended user actions.
  • Empower employees to make smart data handling decisions: Foster a proactive privacy culture by increasing awareness of and accountability towards privacy risks without hindering employee productivity.

Microsoft Priva Tracker Scanning

With data privacy regulation laws surrounding tracking technologies continuously evolving—and fines for non-compliance exponentially increasing—organizations need a platform that enables them to avoid risk and standardize tracking compliance at scale. Microsoft Priva Tracker Scanning empowers organizations to automate the discovery and categorization of tracking technologies—including cookies, pixels, and beacons—across all their websites. With Priva Tracker Scanning, organizations can remediate risks for tracker non-compliance, effectively monitor website compliance, and easily address compliance issues. Priva Tracker Scanning enables your organization to embolden your privacy posture for maximum control and visibility.

Key features

  • Register and scan web domains: Automate scans for various forms of trackers—empowering you to quickly identify and categorize all tracking technologies on your websites.
  • Evaluate and manage web trackers: Use flexible scan configurations to easily identify missing compliance elements across your websites.
  • Streamline compliance reporting: Scan for areas of non-compliance and monitor compliance issues throughout the lifecycle of websites.

Microsoft Priva Consent Management

Gain better value from your user-consented data and meet today’s most challenging data privacy regulations with an approach to streamlining consent management and consented data usage. Built by harnessing Microsoft’s extensive experience and expertise in privacy operations, Microsoft Priva Consent Management provides a solution for bolstering your organization’s personal data consent management and publishing capabilities in a simplified and streamlined manner.

Key features

  • Create customizable and regulatory-compliant consent models: Quickly author dynamic consent models using prebuilt templates for easy deployment.
  • Streamline the deployment of consent models: Use a centralized process to publish consent models at scale to multiple regions.
  • Organization specific layouts: Create on-brand layouts for consent models that conform to changing business needs.

Microsoft Priva Subject Rights Requests

With personal data often distributed across multiple environments, organizations need a solution that enables them to fulfill and manage subject rights requests across their entire data estate for maximum visibility. Crafted from Microsoft’s extensive experience and expertise in data privacy operations, Microsoft Priva Subject Rights Requests is a next-generation privacy solution that enables organizations to automate the fulfillment of subject rights requests across their on-premises, hybrid, and multicloud environments. With Priva Subject Rights Requests, organizations can manage the access, deletion, and export of subject rights requests across their entire data landscape to help build trust with customers.

Key features

  • Efficiently manage subject rights requests: Streamline the fulfillment of subject rights request tasks using configurable settings within your workflows, providing end-to-end oversight of subject rights request operations.
  • Discover personal data across various data types and locations: Discover and manage subject rights requests across multicloud data estates, including Microsoft Azure, Microsoft 365, and third-party data sources like Amazon Web Services, Google Cloud Platform, and more.
  • Create low-code data agents to automate task fulfillment: Create low-code agents to automatically find and fulfill personal data requests using Microsoft Power Automate.

Learn more about new Priva capabilities at the IAPP Global Privacy Summit

From April 2 to 5, 2024, the world’s largest forum for exploring privacy and data protection law, regulation, policy, management, and operations takes place in Washington, D.C. The International Association of Privacy Professionals (IAPP) Summit is a key event for information privacy professionals to learn about innovative solutions and expand their privacy and data protection network. Microsoft will have a strong presence with a spotlight feature, breakout sessions, and networking events. Check the agenda for times and locations for these events and more:

Spotlight stage: Microsoft Priva Privacy—Paul Brightmore, Head of Product for Microsoft Privacy, and Terrell Cox, Vice President (VP) of Privacy Engineering at Microsoft, will be featured on the spotlight stage sharing about Microsoft Priva privacy solutions.

Breakout session: Managing Privacy at Scale—Explore how large organizations keep pace with today’s privacy obligations, share strategies and tools available to manage privacy at scale, and share updates on the latest privacy governance tools. Get insight into the emerging role of AI in managing privacy.

Mainstage session: Regulator’s Agenda—Shifting Priorities and Practices—Julie Brill, Chief Privacy Officer, Corporate VP, Global Privacy, Safety and Regulatory Affairs at Microsoft, moderates this discussion where you’ll learn the top priorities of privacy authorities, understand how AI governance factors into the Data Protection Authorities’ 2024 plans, and review lessons learned from recent privacy enforcement actions.

VIP reception—Microsoft is hosting this event to bring privacy experts together on April 3, 2024. This event promises an engaging showcase of Priva demonstrations, enriching conversations, and valuable insights within the field of privacy. 

CDT Spring Fling—Microsoft is the lead sponsor of this reception organized in partnership with the Center for Democracy in Technology. The event includes a panel discussion on AI as a catalyst for ushering in the next era of data governance. Julie Brill, Chief Privacy Officer, Corporate VP, Global Privacy, Safety and Regulatory Affairs at Microsoft, will be speaking on this panel.

LGBTQ+ Allies After Party—Registration and tickets are required in advance for this Wednesday, April 3, 2024, afterparty at Pitchers. We hope to see you there.

Optimize your privacy operations today, and streamline compliance adherence

Thanks for taking the time to get to know the members of the Microsoft Priva suite of products. We’re so excited to continue to be your trusted partner in helping you meet your privacy and compliance regulations. Please check in on the Priva family from time to time to stay informed about our products.

Interested in learning more now? Head over to the Microsoft Priva homepage. To get a deeper dive into our product capabilities, read our Tech Community post or watch our video.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Navigating privacy in a data-driven world with Microsoft Priva
http://approjects.co.za/?big=en-us/security/blog/2023/08/31/navigating-privacy-in-a-data-driven-world-with-microsoft-priva/
Thu, 31 Aug 2023 16:00:00 +0000

As the world becomes more data-driven and the privacy landscape continues to evolve, the need to take a proactive privacy approach increases. Here's how Microsoft Priva can help.

The post Navigating privacy in a data-driven world with Microsoft Priva appeared first on Microsoft Security Blog.

Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.[1] More than ever, people have a high awareness of their privacy, their digital footprint, and, most importantly, how the organizations they work with treat both. According to Gartner®, by the end of 2024, three-quarters of the world’s population will have personal data covered by modern privacy regulation.[2] People exercise their privacy rights either explicitly, through actions like subject rights requests, or implicitly, through declining to do business with organizations that they do not trust. For organizations committed to respecting the privacy rights of individuals, it can be challenging to implement requirements and controls needed to meet data privacy needs.

Microsoft respects the vital role that privacy plays with customers. We provide solutions that help organizations meet their privacy obligations, and today we are excited to announce enhancements to Microsoft Priva.


How can Microsoft Priva help?

Microsoft Priva brings automated functionality to help organizations meet adapting privacy requirements related to personal data. Today, Microsoft Priva offers two solutions:

Microsoft Priva Privacy Risk Management

Microsoft Priva Privacy Risk Management helps organizations manage privacy risks related to data hoarding, data overexposure, and data transfers, and empowers employees to make better data-handling decisions. Priva Privacy Risk Management supports organizations by:

  • Identifying personal data and privacy risks: It allows organizations to leverage auto-classification technology to identify more than 308 personal data types in the Microsoft 365 environment, with no configuration needed. Admins can see personal data by location, geography, and types. In addition to helping organizations know their personal data landscape, Microsoft Priva also detects the associated risks around personal data and gives admins actionable insights.
  • Automating mitigation and preventing privacy incidents: Organizations can create policies from pre-configured templates to automate privacy risk mitigation:
    • Data minimization: Helps detect unused personal data, send users email digests to review and delete obsolete items, and provides privacy training to reduce data hoarding.
    • Data transfer: Helps detect personal data movements between customizable boundaries, such as geography or departments, and blocks risky transfers in near real time.
    • Data overexposure: Helps detect personal data overshare, informs file owners to review and adjust access, and provides privacy training to reduce overexposure incidents.
  • Empowering employees to make smart data-handling decisions: Admins can configure Priva to help employees make better data-handling decisions, as no one knows the value of their files more than the data owner. Microsoft Priva can trigger a system-generated email or Microsoft Teams message to a data owner with recommended actions and privacy best practices—right in their flow of work.  

Microsoft Priva Subject Rights Requests

Depending on where you are in the world today, varying privacy regulations will impact your business, and even if you’re not impacted much today, chances are that it’s a matter of time before such regulations are enacted. Many of these privacy regulations empower people to exercise their rights over their data, requesting that the organizations they do business with or work for provide a log of all personal data collected. For organizations, completing subject rights requests can be a manual, complex, time-consuming, and expensive process that is also time-bound. Microsoft Priva Subject Rights Requests helps organizations manage requests at scale and with confidence by:

  • Automating discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
  • In-place review and secure collaboration: Review and redact files located in the live system in their native views without creating duplicate copies and bring collaboration to a protected platform.
  • Ecosystem integration: Plugs into organizations’ existing processes to manage requests in a unified way across the digital estate. The Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

Enhancements to Microsoft Priva

Updates to Microsoft Priva include added customization, better insights, easier collaboration, powerful review options, and so much more.

What’s new with Microsoft Priva Privacy Risk Management?

Deeper data viewpoints

The data minimization policy in Privacy Risk Management has been a highly resonating privacy scenario. With this update of day zero insights, admins will be able to view data minimization policy insights 72 hours after starting Priva, with a view of data up to the past 90 days. Previously, customers would have waited at least 30 days to catch policy matches. With a better history of data, privacy admins can understand privacy trends better, and use these data points to strategize the best approach for their organizations.

Better together integration

Microsoft Purview Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Microsoft Priva now works hand-in-hand with Compliance Manager. With this update, admins can take specific actions within Microsoft Priva that earn points that count toward assessment completion and increase the overall compliance score. Examples of actions that are detected and earn credit include admins setting up a Privacy Risk Management policy, or enabling data retention limits for a subject rights request—prompting collaboration that yields better together productivity.

Microsoft Compliance Manager dashboard displaying privacy score including an outline of the actions taken in Microsoft Priva.

Figure 1. Visual of Compliance Manager recognizing actions taken within the Priva solution in the “improvement actions” section of Compliance Manager. 

Additionally, insights from Compliance Manager will now populate within Priva itself. This update brings recommendations on actions that will help admins align to regulations and improve their score in Compliance Manager. 

What’s new with Microsoft Priva Subject Rights Requests?

Fulfill more request types

Many regulations, including the General Data Protection Regulation and the California Consumer Privacy Act, include the right to be forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. Today, we are excited to share that Priva Subject Rights Requests delete is now generally available—admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion (leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management). This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access the reports tab where they can view their summary report and review results.

Delete request in progress within Microsoft Priva Subject Rights Requests.

Figure 2. Stage three of five of a delete subject rights request in progress within the Priva Subject Rights Requests solution.

Watch this short video to see Priva Subject Rights Requests delete in action.

Learn more

As the data protection landscape continues to shift, many organizations are working to prioritize the privacy needs of a data-driven world. We welcome you to learn more about how Microsoft Priva can help and invite you to try Microsoft Priva free today. 

Visit our latest Tech Community Priva blog for additional Microsoft Priva updates and details.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] From Privacy Vulnerability to Privacy Resilience, Microsoft. August 2022.

[2] Gartner® State of Privacy: The Privacy Tech Driving a New Age of Data Wealth. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

4 things to look for in a multicloud data protection solution
http://approjects.co.za/?big=en-us/security/blog/2022/12/13/4-things-to-look-for-in-a-multicloud-data-protection-solution/
Tue, 13 Dec 2022 17:00:00 +0000

Learn four must-haves for multicloud data protection, including how an integrated solution provides greater scalability and protection across your multicloud and hybrid environment.

The post 4 things to look for in a multicloud data protection solution appeared first on Microsoft Security Blog.

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and edge clouds—to distribute applications and services. Subscribing to multiple cloud vendors can help your business access best-of-breed solutions along with competitive pricing.

The downside? Using multiple cloud platforms can create inconsistent infrastructures that don’t scale across environments. This can lead to teams working in silos—bringing increased complexity, additional costs, network security gaps, and risks to business-critical applications and data. It’s not unheard of for some organizations to own 80 to 100 different security tools stitched across hybrid and multicloud environments, while still wondering: are we secure? In this blog, we’ll help you answer that question by detailing four qualities a multicloud data-protection solution should provide and how Microsoft Purview can help unify security, compliance, and data protection across your enterprise.

Multiple clouds require unified data protection

Enabling multicloud integration and automation at scale is essential for fostering a robust partner ecosystem. Since 89 percent of enterprise customers have moved to a multicloud environment, maintaining security across your expanding data estate is necessary.[1] Patchwork solutions can create vulnerabilities, whereas a comprehensive solution can deliver seamless data protection and data governance across your entire digital estate.

Look for a multicloud security and data-protection solution that:

  1. Unifies auto-discovery and protection of sensitive data. Your multicloud data-protection solution should provide comprehensive security and compliance tools that span both first- and third-party apps and services to include Personally Identifiable Information (PII), such as home addresses, date of birth, and Social Security Numbers. Look for features such as built-in sensitivity labeling within applications and services, including popup user notifications that help guide users on security best practices. These features help ensure all sensitive data is correctly classified and labeled so that files can’t be exfiltrated without proper permissions.

    A data-protection solution with rights management and automatic encryption of emails (and attachments), as well as co-authoring of encrypted documents, will help to ensure secure collaboration. Your multicloud security tool should be flexible enough to allow manual labeling of some sensitive files for leadership-only access (like mergers and acquisitions projects), while also enabling admins to automatically label and protect business files stored in Microsoft SharePoint or Microsoft Teams (like Confidential labels for Finance or HR records). This tool should also be able to scan and classify on-premises file shares, as well as cloud applications and services.
  2. Protects sensitive files and documents from being exfiltrated to third-party applications and services. More than 40 percent of corporate data is dark,[2] meaning it’s not classified, protected, or governed. This invites risk in the form of sensitive data leakage, which can harm your reputation and, in the case of leaked PII, lead to costly litigation. Your multicloud security solution should be able to classify files and documents, apply sensitivity labels, provide sharing controls and file governance, and use near real-time data loss prevention policies to prevent data leakage across third-party apps.
  3. Uses automated data discovery across structured and unstructured data. Every organization needs to be able to securely share data both internally and with partners and customers. That’s why your data protection solution needs to provide data scanning and classification for all types of assets across multicloud and on-premises environments. Metadata and descriptions of data assets should be integrated into a holistic map of your data estate. Atop this map, purpose-built apps can create environments for data discovery, access management, and insights about your data landscape.
  4. Applies Zero Trust principles to your entire digital estate. This includes strong multifactor authentication to verify user identities, as well as ensuring all endpoints are in compliance. Your data-protection solution should also ensure that governance and compliance policies are built in, and continuous risk assessment and forensics capabilities are implemented. Other key functions should include classifying, labeling, and encrypting emails and documents, as well as adaptive access to software as a service (SaaS) applications and on-premises applications.

Integrate for comprehensive protection

Overcoming the siloed approach in a multicloud environment can be a challenge. However, the risks are too great to make do with ad-hoc, patchwork security solutions. Beyond PII, also at stake are your business’s intellectual property (IP), financial statements, organizational structures, employee contacts, and other information that could be targeted with ransomware, phishing, and password attacks.

Microsoft Purview’s information protection and governance capabilities help your organization address potential data vulnerabilities across a multicloud environment by integrating information protection and data lifecycle management, along with data loss prevention, insider risk management, and eDiscovery. Microsoft Purview’s data governance portal helps manage your entire data landscape—on-premises, multicloud, and SaaS—allowing you to create a comprehensive, up-to-date map of your data wherever it resides. This unified governance enables data curators and security admins to keep your data secure; all while empowering users to find the trustworthy data they need.

Microsoft Priva adds another layer of protection with privacy risk management, helping to identify data-privacy risks and automate mitigation wherever the data lives. To accommodate individuals making requests to review or manage personal data about themselves, Microsoft Priva Subject Rights Requests includes the Microsoft Graph subject rights requests API. This powerful API helps your organization do more with less by automating searches across Microsoft Exchange, Microsoft OneDrive, SharePoint, or Teams.

And to protect the business-critical apps you rely on, Microsoft Defender for Cloud Apps helps you classify sensitive information using real-time controls that monitor data accessed across your multicloud environment. As a cloud access security broker (CASB), Defender for Cloud Apps blocks attacks against your apps using automated identity governance, and it integrates seamlessly with Microsoft Entra Permissions Management to root out and remediate permission risks.

Look for a built-in data protection solution

Any data-protection solution needs to address the four areas discussed—unified discovery and protection, protection against data exfiltration, control of unstructured data, and a foundation of Zero Trust—across hybrid and multicloud environments. Both Microsoft 365 and Microsoft Azure are purpose-built with Zero Trust as a core architectural principle. And with comprehensive, integrated solutions for information protection, data governance, risk management, and compliance, Microsoft Purview builds on all four pillars—so you can move forward, fearless.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


[1] How Many Companies Use Cloud Computing in 2022? All You Need To Know, Jacquelyn Bulao, Tech Jury. November 26, 2022.

[2] Unlocking the hidden value of dark data, Maria Korolov, CIO. August 11, 2022.

The post 4 things to look for in a multicloud data protection solution appeared first on Microsoft Security Blog.

Simplify privacy protection with Microsoft Priva Subject Rights Requests http://approjects.co.za/?big=en-us/security/blog/2022/11/10/simplify-privacy-protection-with-microsoft-priva-subject-rights-requests/ Thu, 10 Nov 2022 17:00:00 +0000 With an ever-changing privacy landscape, taking a proactive privacy approach is key to building privacy resilience. In this blog, learn how Microsoft Priva Subject Rights Requests and its newest update, Right to be Forgotten, can help organizations meet their regulatory requirements.

The post Simplify privacy protection with Microsoft Priva Subject Rights Requests appeared first on Microsoft Security Blog.

The General Data Protection Regulation (GDPR) came into effect in 2018 and set a new standard for the level of control individuals in the European Union had over the personal data they shared online. Since then, the number of privacy regulations around the world has flourished and impacted the privacy landscape we see today. According to Gartner®, by the end of 2024, three-quarters of the world’s population will have its personal data covered by modern privacy regulations.[1] Today, additional regulations like the California Consumer Privacy Act (CCPA) and Brazil’s Lei Geral de Proteção de Dados (LGPD) empower people to exercise their right to request the personal data that organizations have collected from them.

When organizations respond to subject rights requests, they are both meeting their regulatory requirements and providing people with control over their personal data. Although responding to requests can be quite complex, Microsoft Priva Subject Rights Requests can help ease the process—and with the preview arrival of Right to be Forgotten, Priva Subject Rights Requests can further support how organizations respect the privacy of their customers and employees.

Understanding how people think about privacy

As many businesses around the world adapt their privacy practices, having both the tools that help address privacy requirements and a good understanding of how consumers perceive and feel about privacy are key to enabling trust with customers. Microsoft Priva, the brand category for Microsoft Security, was announced at Microsoft Ignite in 2021 by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity.[2] Priva solidified our commitment to supporting organizations in their privacy journey with products that help safeguard personal data and manage subject rights requests at scale. For organizations, having processes that help manage their privacy is critical, but it is also valuable to have a deep understanding of how people really think about privacy to guide their practices. We recently commissioned privacy research that explores the emotional textures of privacy and what triggers privacy vulnerability. We learned that when businesses empathize with the privacy concerns people have and transparently address them, they foster trust and differentiate themselves from competitors.

It’s important for organizations to assess the varying causes that spark privacy vulnerability for both their consumers and their business. For example, a consumer may feel anxious or helpless because they don’t know how their personal data is being used. However, if they are provided with transparency of how their data is being used and given clear options that enable the control of their data, their insecurities could be eased and trust in the process earned. For a business, privacy vulnerability could present itself through limited transparency or basic compliance—leaving room for privacy risk to potentially unfold. For instance, a business that might fulfill a data subject request unconvincingly, or with basic effort, could be managing its privacy at a vulnerable level. If that business were to practice a “beyond-compliance,” human-centered privacy approach, they could yield practices that help them build privacy resilience—helping them stand apart from their competitors while they earn trust from their customers.

Gradient scale bar showing Privacy vulnerable on one end and Privacy resilient on the other. The scale is from the consumer perspective and the business perspective.

Figure 1. The differing perspectives of consumers and businesses regarding privacy vulnerability versus privacy resilience.

The above figure demonstrates a privacy scale ranging from vulnerable to resilient and includes both consumer and business perspectives. On the consumer side, it ranges from feeling anxious, helpless, and lacking knowledge or motivation in protective coverage to secure, being in control, trusting the process, and being skilled in protective coverage. On the business side, it ranges from basic compliance, limited transparency, minimal control, and reactive approaches to beyond compliance, authentic privacy care, reciprocating data for value, and a proactive approach to consumer protection.

Microsoft Priva Subject Rights Requests can help

Even when an organization is focused on a proactive privacy approach, managing and responding to subject rights requests can be a tedious and cumbersome process. The requests are extremely time-consuming and taxing, and because they are also time-bound, they bring extra complexity to the organization. Responding to these requests often requires a tremendous amount of collaboration and manual review, and completing just a single request can be quite expensive. Nonetheless, completing these requests is not just an obligatory requirement, but also a tangible way to express respect for customer and employee privacy.

Priva helps organizations more efficiently manage requests at scale—Priva Subject Rights Requests automates the search and collection of content relevant to the data subject and facilitates tasks such as in-line review, redaction, and collaboration, all from an easy-to-use dashboard. Admins can easily get started by leveraging request templates that help them create requests with recommended default configurations and use Microsoft Power Automate integration, as well as API support to better fit into their existing processes.

Priva Subject Rights Requests dashboard, showing detailed insights for subject rights requests: including active, closed and overdue requests, as well as a circle and line graph showing status of requests and request types.

Figure 2. Priva Subject Rights Requests overview dashboard showing insights.

Priva Subject Rights Requests helps admins meet the strict deadlines associated with regulations like GDPR and eases the administrative burden of tedious tasks related to collection, review, and redaction. Completing a request also often requires teamwork from various departments within the organization. Priva provides secure collaboration through Microsoft Teams and keeps a history tab, highlighting actions taken from all collaborators for easy auditing—streamlining the complexity of requests from beginning to post-completion.

Microsoft Priva Subject Rights Requests highlights:

  • Automates discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
  • In-place review and secure collaboration: Review files in place in their native views, perform redactions in-line with built-in tools, and consolidate collaboration within a protected platform.
  • Ecosystem integration: Plugs into an organization’s existing process to manage requests in a unified way across the digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

The newest Priva Subject Rights Requests update, Right to be Forgotten, is here

Video 1. Microsoft Priva Subject Rights Requests (SRRs) new feature Right to be Forgotten is now in preview. See how we demonstrate going through a delete request using Microsoft Priva.

Both GDPR and CCPA include the Right to be Forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. For example, a former employee in an EU-based company believes she left documents containing her personal data in SharePoint. The employee can exercise her right to her personal data and make a subject rights request for deletion with that organization. As Priva Subject Rights Requests continues to evolve, we are excited to share the preview release of Right to be Forgotten, helping organizations meet requests such as the employee’s request for deletion.

This marks a significant update for Priva Subject Rights Requests. With this new feature, admins can now select delete as a request type, or get started with the delete template, and get purpose-built flows that help surface conflicts and streamline deletion—leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management. This feature will also give admins the flexibility to select different approvers for any given request and, once the workflow is complete, access to the reports tab, where they can view their summary report and review results.

Sample delete request for employee in stage 3 of 5, where the designated approver is to complete approval to proceed to stage 4 of 5.

Figure 4. Delete request in the approval stage, showcasing approver details and the complete approval button.

Learn more

Although completing subject rights requests can be complex, Microsoft Priva Subject Rights Requests can help ease the process. As organizations continue to adapt to the privacy changes that impact their customers and their business, we are reminded that although changes to the privacy landscape are inevitable, there are resources to support these shifts. We invite you to learn more about Priva Subject Rights Requests by downloading our free eBook and encourage you to try the Microsoft Priva Subject Rights Requests free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


[1] State of Privacy: The Privacy Tech Driving a New Age of Data Wealth, Gartner®. August 2022.

[2] Protect your business with Microsoft Security’s comprehensive protection, Vasu Jakkal, Microsoft Security. November 2, 2021.

Build a privacy-resilient workplace with Microsoft Priva http://approjects.co.za/?big=en-us/security/blog/2022/01/28/build-a-privacy-resilient-workplace-with-microsoft-priva/ Fri, 28 Jan 2022 17:00:00 +0000 Today, we celebrate international Data Privacy Day, which reminds us of the importance of respecting privacy, and enabling trust. Read the blog post to see how Microsoft Priva can help.

The post Build a privacy-resilient workplace with Microsoft Priva appeared first on Microsoft Security Blog.

Today, we celebrate international Data Privacy Day. This day reminds us of the importance of respecting privacy, safeguarding data, and enabling trust.

However, annual reminders are insufficient to drive material change, which can be seen in the effectiveness rates of one-off trainings. According to the forgetting curve theory, employees forget about 75 percent of training after just six days.[1] Imagine the lack of knowledge retention for employees of organizations that only do annual privacy training.

To help you with this challenge, we are excited to re-emphasize our commitment to helping organizations build a privacy-resilient workplace with Microsoft Priva, which was announced by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity, last year at Ignite. Microsoft Priva is the new brand of privacy solutions provided by Microsoft moving forward. Currently, the Microsoft Priva solution offers two products:

1. Priva Privacy Risk Management: Proactively identify and remediate privacy risks arising from data transfers, overexposure, and hoarding, and empower information workers to make smart data handling decisions.

2. Priva Subject Rights Requests: Manage subject rights requests at scale with automated data discovery and privacy issues detection, built-in review and redact capabilities, and secure collaboration workflows.

Managing privacy data requires understanding the context around the data, including why information workers collect the data and the intent of use. The integration of Microsoft Priva with your day-to-day productivity tools and business applications gives organizations the power to effectively influence employees to make positive decisions on personal data handling. The in-the-moment nudges drive fundamental behavioral changes, helping people make good data handling decisions in the context of their daily activities.

For example, when a user collects personal data but hasn’t used it for more than 180 days, it may no longer have business value but can increase the risk surface area. To adhere to a principle of data minimization, Microsoft Priva can send a system-generated reminder to the data owner to review the file and make a decision to delete or provide a business justification to keep it. Users can easily take action within the Outlook interface, safeguarding personal data without impeding productivity.

Microsoft Priva identifies unused personal data and empowers users to make smart data handling decisions, enabling organizations to meet data minimization requirements.

Figure 1. Help identify unused personal data and empower users to make smart data handling decisions.

Privacy administrators can also set up policies to detect personal data overexposure and notify data owners to review access to the file, with an experience similar to the example above. This feature can help companies that audit file or site access manually, a process that can be time-consuming and can overlook risks between audits.

Microsoft Priva can also help govern communication to support organizations meeting data transfer requirements. In Microsoft Teams, the most commonly used communication platform, users can receive near-real-time notifications and guidance when sending personal data across regions or departments. Privacy administrators can customize the transfer boundaries to adhere to the company’s privacy policies.

Microsoft Priva detects cross-border or cross-department communication in Teams and provides just-in-time guidance, enabling organizations to meet data transfer requirements.

Figure 2. Detect cross-border or cross-department data transfer in Teams and provide just-in-time guidance.

In addition to the user experience, Microsoft Priva also provides an aggregated view of privacy posture showing key insights of detected privacy risks. Admins can easily spot privacy issues and fine-tune policies to engage with users. Microsoft Priva solutions are designed with the concept of privacy by default. User information is pseudonymized by default in the admin interface.

Microsoft Priva provides an aggregated view to privacy admins to gain visibility into critical privacy risks arising from data overexposure, data hoarding, and data transfer.

Figure 3. Provide an aggregated view to admins to gain visibility into privacy issues.

Since launching Microsoft Priva, we have heard great feedback from customers, including Novartis, the world’s leading pharmaceutical company, which is currently in a trial with Microsoft Priva solutions.

“Microsoft Priva will help us identify and prevent critical privacy risks that arise from transferring private data across borders and oversharing. We’ll empower our employees to mitigate risks themselves, freeing our IT resources to focus on more urgent high-severity risks.”

Beni Gelzer, Head of Data Privacy (Switzerland), Novartis

Read more about how Novartis uses Microsoft Priva to enable its employees with a solution that works with them.

Learn more

Microsoft Priva solutions are generally available for customers as an add-on to all Microsoft 365 or Office 365 enterprise subscriptions. If you are interested in learning more about Microsoft Priva solutions, we encourage you to start the 90-day free trial today to experience the product directly. If you can’t see the “start trial” button on the page, contact your Global Admin to gain permission for the solution. Learn more about the trial program in this trial playbook.

We hope that Microsoft Priva can help increase your employees’ awareness of data privacy continuously throughout the year so that you can build a privacy-resilient workplace. Happy international Data Privacy Day!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


[1] The Forgetting Curve, Data & Visuals, Harvard Business Review. October 2019.
