More and more countries are enacting modern privacy regulations modeled on the General Data Protection Regulation (GDPR), affecting people all over the world. According to Gartner®, by the end of 2024, three-quarters of the world's population will have its personal data covered by modern privacy regulations.[1] As these regulations continue to evolve, consumers are paying attention to the way their personal data is being managed. We recently commissioned privacy research that dives into what triggers privacy vulnerability and why investing in a privacy resilient workplace is imperative to establishing trust—shifting privacy from a compliance-driven approach toward a more human-centric one. Microsoft’s newest security brand category, Microsoft Priva, can help organizations foster a privacy culture that builds trust and keeps privacy top of mind.
Microsoft Priva was announced by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity, last year at Ignite. Today, Microsoft Priva offers two products to help organizations in their privacy journey: Priva Privacy Risk Management and Priva Subject Rights Requests.
Organizations have a tremendous responsibility toward respecting and protecting their customers’ privacy. Fostering a privacy culture is an important investment for businesses that makes a lasting impact—it goes beyond completing a privacy/compliance checklist and emphasizes that everyone in the organization has a part to play in keeping a strong privacy posture.
Microsoft Priva Privacy Risk Management
Priva Privacy Risk Management (PRM) not only helps organizations manage privacy risks related to data hoarding, data overexposure and data transfers, but it also empowers employees to make better data-handling decisions. Privacy Risk Management supports organizations by:
Identifying personal data and privacy risks: Allows organizations to leverage the auto-classification technology to identify more than 200 personal data types in the Microsoft 365 environment, with no configuration needed. Admins can see personal data by location, geography, and types. In addition to helping organizations know their personal data landscape, Microsoft Priva also detects the associated risks around personal data and gives admins actionable insights to improve the privacy posture.
Automating mitigation and preventing privacy incidents: Organizations can create policies from pre-configured templates to automate privacy risk mitigation:
- Data Minimization: Helps detect unused personal data, send users email digests to review and delete obsolete items, and provide privacy training to reduce data hoarding.
- Data Transfer: Helps detect personal data movements between customizable boundaries, such as geography or departments, and block risky transfers in near real time.
- Data Overexposure: Helps detect personal data overshare, inform file owners to review and adjust access, and provide privacy training to reduce overexposure incidents.
Empowering employees to make smart data-handling decisions: System admins and privacy owners can tune into the set privacy policies and remediate privacy risks, as well as configure training for employees, yielding increased privacy awareness. For instance, Microsoft Priva can trigger a system-generated email to a data owner with recommended actions and privacy best practices that address privacy policies right in their flow of work—helping employees make better data handling decisions without skipping a beat.
What’s new at Ignite?
We are excited to announce that when configuring a data transfer policy, Priva Privacy Risk Management now enables organizations to define and customize boundaries using Azure Active Directory attributes, such as department and subsidiaries, Microsoft 365 Groups and SharePoint sites, and automatically detects and blocks personal data that crosses set boundaries. For example, when Bob from the US subsidiary tries to send personal data to Sam in the Germany subsidiary, the message can be automatically blocked with an option to override the policy. This feature is rolling out in public preview.
Microsoft Priva Subject Rights Requests
For many organizations, completing Subject Rights Requests (SRRs) is a manual and cumbersome process—it can be very time-consuming and expensive to complete. Nonetheless, companies need to respond to these requests to stay compliant with modern privacy laws. Priva SRRs helps organizations manage requests at scale and respond with confidence by:
Automating discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
In-place review and secure collaboration: Review and redact files located in the live system in their native views without creating duplicate copies and bring collaboration to a protected platform.
Ecosystem integration: Plugs into organizations’ existing processes to manage requests in a unified way across the digital estate. The Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.
What’s new at Ignite?
We are thrilled to announce several updates that make using Priva Subject Rights Requests increasingly efficient. Customers can now import files from non-Microsoft 365 environments, such as on-premises storage locations, or cloud-based systems where files exist for the data subject. This makes the additional data available for review and lets it benefit from the automated review and collaboration capabilities of Priva Subject Rights Requests.
We also added a new feature to drive efficient and compliant collaboration. Responding to SRRs usually requires teamwork across multiple departments, such as legal, IT, HR, etc., each taking various actions toward a request. With this update, collaborators can now see the history of actions/tasks taken in the past. It helps collaborators synchronize their knowledge of the request more easily by learning the history, like when an action was taken and by whom. Additionally, it supports defensibility from an audit perspective. It helps admins respond to regulators’ inquiries, as often those inquiries require understanding the history of the request.
To help organizations ease the process of starting subject rights requests, Priva Subject Rights Requests now provides templates that help customers create requests with more recommended default configurations. For example, a privacy admin can create a data export request for a former employee in a minute or two when using the out-of-the-box templates. Starting the request with a template also streamlines the search and improves the relevance of the data found, making the review process more effective.
Finally, if an organization uses our Subject Rights Requests API to connect to their privacy management ecosystem, like a privacy management ISV or homegrown tool, the new API scoping now allows admins to scope the searches by location or conditions, instead of searching data org-wide. Admins can use this new capability to scope mailbox locations or sites at the start via the API, producing better searches without waiting for the initial data estimate to complete. This is available in public preview.
Learn more about Microsoft Priva
Taking a proactive privacy approach takes a collective effort—Microsoft Priva provides tools that not only help admins manage privacy risks and automate subject rights requests, but also provides employees powerful privacy insights and recommendations. We encourage you to learn more about Microsoft Priva by visiting our website and trying Microsoft Priva free with our 90-day trial.
[1] Gartner®, State of Privacy: The Privacy Tech Driving a New Age of Data Wealth, Aug 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.