What is Microsoft Priva?
International privacy laws for data protection are on the increase; in 2021, at least 120 countries were engaged in activities to ensure their citizens (and their data) benefited from enhanced protection and control. It stands to reason that this practice will increase in 2022 (and beyond), and the effective, trustworthy handling of both employee and customer data should be at the forefront of every organisation’s privacy goals.
Microsoft Priva helps organisations improve their stance on privacy, eliminating the need for manual, and often mismatched toolsets. It will help protect against common issues, such as data hoarding, oversharing, and handling, as well as empowering employees to make informed data handling decisions, and enabling the automation and management of data subject access requests (DSARs) at scale.
What Can Microsoft Priva Do?
Microsoft Priva is comprised of two solutions: Priva Privacy Risk Management, which provides visibility into your organisation's data and policy templates for reducing risks; and Priva Subject Rights Requests, which provides automation and workflow tools for fulfilling data requests.
Privacy Risk Management
Deployed as policies, these cover three key areas and leverage built-in and custom sensitive information types to evaluate personal data.
Limiting data overexposure
Data overexposure policies can evaluate data stored in M365 and alert when this data may be over-permissioned or stored incorrectly. For example, Priva can alert to the presence of personal data on an internal Teams site accessible to many staff, significantly increasing the potential for a data breach. Remediation actions can include making content private, notifying content owners, or tagging content for further review.
Finding and mitigating data transfers
Ensuring the secure transfer of personal data can be a challenge and presents a significant risk to all organisations. Data transfer policies in Priva can help detect and limit transfers; for example, where these would cross geographic boundaries (violating data sovereignty requirements), or egress outside of the organisation (undermining lawful basis and consent to process the data). Remediation actions can include presenting users with policy tips and sending email notifications that allow them to take corrective action, such as marking the content as private, notifying content owners, or tagging it for further review.
Minimising stored data
It is not uncommon for organisations in all verticals to collect significant amounts of personal data over time. Data minimisation policies monitor for this content, alerting admins when specified thresholds are met. Remediation options include identifying data to be disposed of, notifying content owners, or tagging the content for further review
Subject Rights Request
This solution helps respond to Data Subject Access Requests (DSARs) inquiries. It provides workflows, automation, and collaboration tooling to uncover the required subject data, review the results, collect appropriate files, and produce reports.
Subject Rights Request is fully aware of other Microsoft tools deployed across the organisation, such as Information Protection, and can flag results that may be sensitive or confidential in nature and require more in-depth review before disclosure. Subject Rights Requests also support data matching to enable increased accuracy in locating data subject content and more precise search results.
Once a search has been completed, the DSAR can be reviewed, with Priva providing a clear snapshot of returned results, as well as priority items that may require more in-depth review, especially where results may contain multi-user data and require redaction. To ease the workload, collaboration with other reviewers can be enabled, leveraging a dedicated private channel in Microsoft Teams to ensure the integrity of the DSAR. Further integration with Power Automate allows for built-in and custom workflows to enable greater productivity and turnaround time for each DSAR.
Licensing and More Info
These solutions are licensed independently and are applied in addition to any existing Office 365 A1/E1/A3/E3/A5/E5 and Microsoft 365 A3/E3/A5/E5 subscriptions. Whilst Priva is enabled at a tenant level, any user intended to benefit from Privacy Risk Management should be licensed. Subject Rights Requests can be purchased in blocks of 1, 10, or 100 and apply to the subject of the DSAR.
To learn more about Microsoft Priva and how your organisation can benefit from its capabilities don’t hesitate to contact us by emailing us at [email protected]
Additionally, download our on-demand webinar on Microsoft Priva and use the links below to continue exploring the capabilities of Microsoft Priva and the Microsoft Purview product family.