User notifications in Privacy Risk Management
When you set up a policy in Privacy Risk Management, you can choose to notify users when their actions meet the conditions you set in the policy. There are two types of notifications: emails, which are available for all three policy types, and tips that appear in Teams, which are available only for the data transfer policy type. When you create or edit a policy, you can decide whether to turn on these notifications, how frequently to send them, and you can customize their content.
Sending notifications to users can be an important component in helping your organization meet its privacy goals. The notifications are designed to:
- Bring immediate awareness to users when their actions could expose personal data to privacy risks.
- Provide remediation methods directly within the emails, so that users can take swift action to protect data at risk.
- Direct users to your organization's privacy guidelines and best practices.
Informing users of potential issues in the moment, and empowering them to remediate issues and refresh their skills, can be powerful tools for building sound data handling practices across your organization.
Review the sections below to help you prepare and manage user notifications for policy matches.
User notifications aren't available to US Government Community (GCC) High or Department of Defense (DoD) customers.
Prepare training content for notifications
Including a link to privacy training is required if you choose to send user notifications when policy matches are detected. Providing access to your organization's privacy guidelines enables you to keep your users informed about your own best practices and policies. It can also give context for the suggested remediation actions in the email, and help your users prepare for good data management decisions in the future.
Before setting up your policy, decide on the training URL you wish to include. One link can be provided per policy, so we recommend choosing references specific to each scenario.
Set user email notifications
You can set up email notifications for all policy types when you create a new policy or edit an existing policy. Setting up email notifications is done on the Outcomes page of the policy creation wizard. You choose how frequently you want an email sent to users: daily, weekly, or monthly. Visit Define outcomes: user notifications and tips for the complete instructions.
The overall capability of Privacy Risk Management to send email notifications is controlled in Priva Settings. It is enabled by default. Turning off this setting will stop all emails even if notifications have been configured at an individual policy level. Learn more about user notification email settings.
Preview and customize email content
When users receive email notifications about policy matches, they can follow prompts in the emails to immediately take corrective action. For example, if a data overexposure policy finds a match for personal data that may be too widely accessible, the notification email includes a link to the content item so the user can review it, and buttons for the user to mark the item as private or keep its current level of access. The suggested actions will be relevant to each different type of policy.
You can preview the email content and make your own changes when adjusting this setting in the policy creation or editing process. To preview and edit your notification email content, follow the steps below:
Create or edit your policy by starting the steps outlined in the guided policy creation process.
At the Outcomes step of the process, select the box next to Send a notification email to users when a policy match occurs.
Select the Preview and edit notification email button that appears beneath the notification email checkbox.
A flyout pane appears with text fields pre-populated with the default email content. You can edit any or all fields, which include: the email's subject line, body header, body content, privacy training display name, and training URL.The preview of the email is at the bottom of the flyout pane, and it will change as you make edits to the default text. When you're satisfied with the email content, select Save to save your settings. To discard any changes to the default email, select the X in the upper right corner of the flyout pane to close it and revert back to the default content.
Back on the Outcomes page, select Next. Continue through the wizard and when you arrive at the final Finish page, review your settings and select Submit.
Your notification settings will now be in effect for this policy. If your policy is testing, notifications won't be sent. If your policy is turned on, notifications will be sent. View more details about creating and managing policies.
Send notifications in Teams
For data transfer policies, you can elect for users to receive policy tips and recommendations in secure Teams channels when a policy match is detected. These tips educate users on responsible use of personal data. Tips will also include links to related training. To learn more about setting up these notifications, visit Define outcomes: user notifications and tips.