Viva Insights Privacy Policies


How does Viva Insights anonymize data and ensure companies' data remains private?

1 Reply
best response confirmed by Sanjanaa_Ellur (Microsoft)

Supporting Documentation:

Personal data (highest risk) - By default, Viva Insights de-identifies email addresses and other information from Microsoft 365 that directly identifies an individual in any in-product dashboard or query result. However, it does show information from the organizational dataset that an organization provides for analysis. Thus, if a company uploads organizational data that includes personal data (for example, employee names and identification numbers), that personal data will appear in in-product dashboards and query results.

Pseudonymized data (high risk) - Viva Insights automatically replaces email addresses with pseudonyms (cryptographically obscured strings of numbers and letters) in the Microsoft 365 collaboration data that you choose to include for analysis. Using pseudonyms can reduce the likelihood that you will identify a specific person, but the risk of identification remains.

Aggregated data (lower risk) - Viva Insights calculates averages across an organization. Since the averages are calculated from data sourced from many people, it becomes nearly impossible to derive information about a specific person’s activity. The likelihood of identifying someone from aggregated data depends on the size of the sample. When you implement Viva Insights for your organization, you must select the sample-size threshold for aggregation. Smaller sample sizes (such as fewer than 10 people) might reveal some insights about individual activity, especially when the individuals are known, and other information (for example, whether the individual was on vacation) can be correlated with changes in the averages over time.

De-identified data (lowest risk) - When you use the default settings in Viva Insights, all the computed metrics that are the output of an analysis will be de-identified data.