Investigate and remediate alerts in Privacy Risk Management
Microsoft Priva Privacy Risk Management can help provide visibility into important discoveries from your data overexposure, data minimization, or data transfer policies. Admins can review alerts about content that matches your policy conditions. Reviewing alerts allows you to identify cases that need follow-up. You can do this by creating Issues, which provide structured way to review content, assign the severity of the problem, and collaboratively work toward remediating issues.
If your policy has been set up to send notifications to your users, content owners can also take certain corrective actions directly from these emails or from Teams. To learn more, see Send user notifications in privacy risk management.
View current alerts and issues
To view the status of all alerts and access details about specific alerts, go the Alerts page. Follow the steps below based on which portal you're using to access privacy risk management:
- In the new Priva portal (preview), select the Alerts page in privacy risk management.
- In the Microsoft Purview compliance portal, select the Policies page in privacy risk management, then select View alerts on the Alerts card at the top.
Manage alerts
To evaluate your active alerts and specify which ones require follow-up, access your Alerts page. It provides a filterable list of alerts generated by your policies. You can individually review them to determine the circumstances under which they were triggered.
Select an alert name from the list to view details, like the number of matching items and the severity as judged by your policy settings. Under the Content tab, you can review which files are involved in this alert. This information can provide additional insights as to the specific event that triggered the alert, where the files reside, and what types of personal data are involved. Triggers for alerts are determined by each policy’s specific conditions. For instance, an alert might be triggered on a data transfer policy if Priva detects a transfer between the policy’s specified departments or regions.
After assessing any alert in the list, you can select Create issue to prompt further investigation and action by your users. You will be asked to name the issue and add any relevant comments for context. You can also dismiss alerts here if they don’t require a follow-up.
Tip
To modify alert frequency or thresholds for a policy, visit Modify alerts.
Manage issues
Issues are created by admins while assessing alerts about policy matches. To follow up and resolve the indicated concerns, go to the Issues page. From here you can review individual issues, investigate the instigating conditions, review the data, and take the necessary steps to close the case.
This page provides a list of all open issues sorted by severity to help you prioritize cases, including high, medium, and low categories, along with unassigned. Select any issue in the list to review its content and take action to resolve it. You can give unassigned issues a severity rating during review.
Review issue details
Issue details pages help guide you through the process of addressing the identified privacy risks and handling the indicated files.
The tabs on issue details pages provide information about the associated alerts and content, including:
- Overview: Shows you essential information about the issue. See the issue's current status and the next recommended actions to take. You can also see an overview of the content, the associated policy, details about the alert, and the timeline. The timeline will show where you are in retrieving content. Downloaded content will be retained temporarily for review.
- Alerts: A detailed list of alerts associated with the issue.
- Content: A filterable list of associated content items. Select any item to view details about it, including any activities that have occurred and its remediation history, if anyone has already taken actions in Priva to manage the data. You can also choose to take new remediation actions.
- Notes: Select to add or view any notes for your team about the issue.
- Collaborators: View and manage the list of collaborators who can contribute to resolving this issue.
Share the issue
Adding people as collaborators allows you to share the issue with additional members of your enterprise via a secure Microsoft Teams channel, company email, or by sharing a link directly to the issue’s page in Priva. These options are available under the Share button. When sharing via Teams, you will be asked to select from the available teams in your organization, select the specific channel, and leave a message about the issue, which will be shared with the specified channel.
Review content and remediate issues
To review the content associated with an issue, choose the Review content action if prompted or open the Content tab. Select any file in the list to view it in full. Here you can see details about the file, any activities on record, and its remediation history, if previous steps have been taken to manage this file. Select Remediate to take one or more of the actions listed below.
Notify owner: Notify the content owner about the detected issue.
Apply retention label: Add a label for this item that can retain, delete, or retain and then delete it after a specified time. Learn more about retention labels.
Apply sensitivity label: Add a label for this item that identifies its sensitivity and optionally, add protection that includes visual markings and encryption. Learn more about sensitivity labels.
Mark as not a match: Identify a search result as a false positive to remove the content item from consideration.
Delete (for data minimization policies only): Use this option for a soft deletion of the data. The item is moved into the deleted items folder or recycling bin (Exchange, SharePoint, OneDrive), or deleted with an option to recover (Teams messages). Deletion can be reversed within a set period of time, depending on the settings of the service.
Make private (for data overexposure and data transfer policies only): Remove open access for this content item.
Each option will prompt you to leave comments and any other necessary supporting information for the content owner before you confirm your choice.
Once all remediation steps have been taken (including any actions you deem advisable in addition to the options available to you in Priva) and the issue is ready to close, use the Resolve button and add your final comments before submitting it.
Legal disclaimer
Váš názor
Připravujeme: V průběhu roku 2024 budeme postupně vyřazovat problémy z GitHub coby mechanismus zpětné vazby pro obsah a nahrazovat ho novým systémem zpětné vazby. Další informace naleznete v tématu: https://aka.ms/ContentUserFeedback.
Odeslat a zobrazit názory pro