Last week, the 2023 IAPP Global Privacy Summit was held in Washington DC. There, privacy professionals and leaders from around the world came together to promote learning and awareness for data privacy. IAPP GPS served as a platform for individuals and organizations to come together to put privacy at the forefront of business practices—showcasing that the right set of tools can help meet fast-paced privacy regulatory changes.
Microsoft Priva was launched in 2021 to help organizations in their privacy journeys. Microsoft Priva brings automated functionality to help organizations meet adapting privacy requirements related to personal data. Microsoft Priva solutions are:
Priva Privacy Risk Management: Helps proactively identify and remediate privacy risks arising from data transfers, overexposure, and hoarding, and empowers information workers to make smart data handling decisions.
Priva Subject Rights Requests: Helps manage subject rights requests at scale with automated data discovery and privacy issues detection, built-in review and redact capabilities, and secure collaboration workflows.
What’s new with Priva Privacy Risk Management?
Improved customization when creating policies.
We are excited to announce that when configuring a data transfer policy, Priva Privacy Risk Management now enables organizations to define and customize boundaries using Azure Active Directory attributes. The ability to configure flexible boundaries is now generally available—these boundaries can be set by department and subsidiaries, Microsoft 365 Groups and SharePoint sites, and automatically detect and block personal data that crosses set boundaries. For example, when Bob from the US subsidiary tries to send personal data to Sam in the Germany subsidiary, the message can be automatically blocked with an option to override the policy.
Figure 1. Options within Priva to choose boundaries for data transfer policies.
When setting up policies in Priva, configuring alerts help privacy admins take action to remediate privacy risks. Now available is added customizability for setting alerts in Priva Privacy Risk Management. This can be especially useful as organizations might have different risk appetites or profiles when it comes to managing privacy data. With this update, admins can set up and customize alerts for high-risk violations—for instance, admins can set up an alert, like detecting and flagging incidents of large volumes of personal data or high impact regulatory personal data, and receive alerts based on their preferences. This functionality can help ensure that alerts are more relevant and thus easier to act upon.
Figure 2. Alert customization options within the policy creation wizard in Priva Privacy Risk Management.
Better together integration.
Microsoft Purview Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Now in preview is Microsoft Priva working hand in hand with Compliance Manager. With this update, admins can take specific actions within Microsoft Priva and see those actions reflected in their organization’s overall compliance score automatically. Additionally, it can detect whether admins have created data transfer, data minimization or data overexposure policies within Priva Privacy Risk Management, as well as enabling and enforcing data retention limits for data in Priva Subject Rights Requests—allowing for collaboration that yields better together productivity.
Figure 3. Visual of Compliance Manager recognizing actions taken within the Priva solution in the “improvement actions” section of Compliance Manager.
Additionally, insights from Compliance Manager will populate within Priva itself. This update in preview will bring recommendations on actions that will help admins align to regulations and improve their score in compliance manager.
What’s new with Priva Subject Rights Requests?
Added capabilities accelerate review.
Priva Subject Rights Requests provides admins features that automate requests, so they can be fulfilled confidently, efficiently and at-scale. We are excited to share that Priva will now visually highlight data subject identifiers during review and enable admins to quickly navigate between these data subject references within content. This update enables admins to better understand the context of how the data subject is mentioned and helps them determine relevancy to the request.
Figure 4. Data subject identifiers highlighted within context on the “Plain Text” tab.
Priva Subject Rights Requests has a new capability in preview to spotlight items collected with potential data governance implications within your organization. This is powered by a new priority item detection type called “Record”.
Your organization may be controlling retention on items that can directly conflict with a data subject’s delete request—we are enhancing our right to be forgotten preview capability to provide just in time awareness to collaborators during review when Priva detects an item with an applied retention label. This comes with streamlined workflows that let you apply review tags and file notes to better facilitate collaboration with other SMEs in your organization to resolve conflicts. Note: In addition to surfacing this insight during review, Priva Subject Rights Request will check for conflictswhen executing thedelete workflow as well.
Figure 5. Tab populating within Priva where tags and notes can be applied.
Newly released to general availability for Priva Subject Rights Requests is the ability for admins to focus their review with additional filters for data collected, including a powerful keyword filter. This allows admins to type in one or more word(s), and if matched in the collected content, it will filter to that. Previously, admins were only able to search for limited data, like documents titles. Now admins have improved options to focus their review experience with the ability to use powerful keyword searches and other filters to target content.
Figure 6. Keyword search in progress within the data collected tab within the Priva solution.
More flexibility to manage requests.
Now generally available is the ability for admins to import files from non-Microsoft 365 environments, such as on-premises storage locations, or cloud-based systems where files exist for the data subject (individual files have a max limit of 500MB).This enables admins to consolidate response efforts and adds flexibility for imported data to leverage the review and collaboration features of Priva Subject Rights Requests.
Figure 7. Icon in the upper right menu area of a request is accessible while in the "Review Data" stage, providing access to import files.
In addition to importing non-M365 files, Priva Subject Rights Requests can now download items not supported by in-line review or annotation.
Finally, the Microsoft Graph APIs for Priva subject rights requests provides functionality for organizations to automate repetitive tasks and integrate with existing line of business apps or business processes. You can use the PrivaSubject Rights Requests API to help you automate and scale your organization's ability to perform subject rights requests searches in Microsoft 365 and help meet industry regulations more efficiently. We have released the preview for right to be forgotten support for the Priva API. If you’re new to working with the Microsoft Graph API, you can check out this video to get oriented on how to get started with the Priva API.
Organizations today face many challenges in protecting personal data, while also meeting the demands of a changing privacy landscape—Microsoft Priva can help. We welcome you to learn more about Microsoft Priva by visiting our website and trying Microsoft Priva free with our 90-day trial.
Did you know? The Microsoft 365 Roadmap is where you can get the latest updates on productivity apps and intelligent cloud services. Check out what features are in development or coming soon on the Microsoft 365 Roadmap.