Microsoft Priva is generally available to GCC, GCC High and DoD
Safeguard personal data, automate risk mitigation, and manage subject rights requests with Microsoft Priva.
For years, existing privacy regulations like the Privacy Act and the Freedom of Information Act (FOIA) have been paving the path for how government organizations prioritize privacy. As the privacy landscape continues to evolve, the way that government organizations respond to privacy regulations will be critical to maintaining their privacy posture and responding to constituent requests. Microsoft’s newest security brand category,Microsoft Priva,was first announced at Ignite in 2021—today, we are excited to announce the general availability of Microsoft Priva for the Government Community Cloud (GCC), GCC High, and Department of Defense (DoD) customers.
Priva Privacy Risk Management (PRM) not only helps manage privacy risks related to excessive data storage, data overexposure and data transfers, but it also empowers employees to make better data-handling decisions. Privacy Risk Management supports organizations by:
Identifying personal data and privacy risks: Allows organizations to leverage the auto-classification technology to identify more than 200 personal data types in the Microsoft 365 environment, with no configuration needed. Priva also offers classification groups out of the boxaligned toregulations most important to our customers like HIPAA and U.S. State Breach Notification Laws to make it easier to get started withpolicy deployment.
The Sensitive Information Types, both out of the box and custom, that an organization may already be using in Microsoft Information Protection are available in Priva as well, providing additional benefits to the organization from their information protection program.
Admins can see personal data by location, geography, and types. In addition to helping organizations know their personal data landscape, Microsoft Priva also detects the associated risks around personal data and gives admins actionable insights to improve their privacy posture.
Automating mitigation and preventing privacy incidents: Organizations can create policies from pre-configured templates to automate privacy risk mitigation:
Data Minimization: Helps detect unused personal data, sends users email digests to review and delete obsolete items, and provides privacy training to reduce excessive data storage.
Data Transfer: Helps detect personal data movements between customizable boundaries, such as geography or departments, and block potentially risky transfers in near real time.
Data Overexposure: Helps detect personal data overshare, informs file owners to review and adjust access, and provides privacy training to reduce overexposure incidents.
Empowering employees to make smart data-handling decisions: System admins and privacy owners can tune into the set privacy policies and remediate privacy risks, as well as configure training for employees, yielding increased privacy awareness. For instance, Microsoft Priva can trigger a system-generated email to a data owner with recommended actions and privacy best practices that address privacy policies right in their flow of work—helping employees make better data handling decisions over time.
These emails can include links to training, providingreinforcement of the organization’s privacy awareness program in context where it is most impactful.
Figure 2. Priva system generated email to employeeallowing them to remediate privacy risks from their inbox and providing privacy awareness in context.
Microsoft Priva Subject Rights Requests
Figure 3. Priva Subject Rights Request dashboard showing insights, like active, closed, and total requests.
Completing Subject Rights Requests (SRRs) is often a manual and cumbersome processwhen dealing with unstructured data—it can be very time-consuming and expensive to complete. Nonetheless, responding to these requests is critical to staying compliant with modern privacy requirements. For example, where a public disclosure request such as a request under the Freedom of Information Act (FOIA)requires the disclosure of data on an individual, Microsoft Priva Subject Rights Requests functionality can make the response more efficientand auditable.
Priva SRRs helps organizations manage requests at scale and respond with confidence by:
Automating discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
In-place review and secure collaboration: Review and redact files located in the live system in their native views without creating duplicate copies and bring collaboration to a protected platform.
Figure 4. Redact other personal data in the annotation view of the collected file in Priva SRRs
Ecosystem integration: Plugs into organizations existing processes to manage requests in a unified way across digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.
Get started today
Microsoft Priva can help you protect constituentpersonal data and keep privacy top of mind in a landscape of ever-changing privacy requirements. We encourage you to learn more about Microsoft Priva by visiting our website, and technical documentation pages:
Did you know? The Microsoft 365 Roadmap is where you can get the latest updates on productivity apps and intelligent cloud services. Check out what features are in development or coming soon on the Microsoft 365 Roadmap where you can filter by government environment (Government Community Cloud, Government Community Cloud-High, and Department of Defense).