Describe Microsoft Priva

  • 8 minutes

Privacy is top of mind for organizations and consumers today, and concerns about how private data is handled are steadily increasing. Regulations and laws impact people around the world, setting rules for how organizations store personal data and giving people rights to manage personal data collected by an organization.

To meet regulatory requirements and build customer trust, organizations need to take a "privacy by default" stance. Rather than manual processes and a patchwork of tools, organizations need a comprehensive solution.

Microsoft Priva is a comprehensive set of privacy solutions that support privacy operations across your organization's entire digital estate and enables your organization to consolidate privacy protection across your data landscape, streamline compliance to regulations, and mitigate privacy risk.

The Priva suite of solutions has expanded to include the following solutions:

  • Subject Rights Requests
  • Privacy Risk Management
  • Consent Management (preview)
  • Privacy Assessments (preview)
  • Tracker Scanning (preview)

These solutions can be found in the new Microsoft Priva portal (preview).

A diagram showing the Priva solutions, which include Privacy Assessments, Privacy Risk Management, Tracker Scanning, Consent Management, and Subject Rights Requests.

Priva Privacy Risk Management

Microsoft Priva Privacy Risk Management gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Policy options in Privacy Risk Management can help you find issues in the following areas of privacy concern and guide your users through recommended steps for remediation.

  • Limit data overexposure. Data overexposure policies, which can be set up to cover both Microsoft 365 and multicloud (preview) locations, can help you detect and handle situations in which data that your organization has stored is insufficiently secure. For example, Privacy Risk Management can alert you if access to an internal site is open to too many people or your permissions settings haven't been maintained. Privacy Risk Management also offers remediation options that help your users resolve any issues that are found. For data overexposure, these include making content items private, notifying content owners, or tagging items for further review.

  • Find and mitigate data transfers. Data transfer policies allow you to monitor for transfers between different world regions or between departments in your organization, and transfers outside of your organization. When a policy match is detected, you can send users email notifications that allow them to take corrective action right in the email, such as making content items private, notifying content owners, or tagging items for further review.

  • Minimize stored data. Data minimization policies allow you to look for data that your organization has been storing for at least a certain length of time. This can help you manage your ongoing storage practices. When policy matches are found, remediation options include marking items for deletion, notifying content owners, or tagging items for further review.

The summary and resources unit of this module, includes a link to learn more about Privacy Risk Management policies that provides more details on policy settings, including data sources supported and the data types to monitor.

Priva Subject Rights Requests

In accordance with certain privacy regulations around the world, individuals (or data subjects) may make requests to review or manage the personal data about themselves that companies have collected. These requests are sometimes also referred to as data subject requests (DSRs), data subject access requests (DSARs), or consumer rights requests. For companies that store large amounts of information, finding the relevant data can be a formidable task.

Microsoft Priva can help you handle these inquiries through the Subject Rights Requests solution, which can address subject rights request for data within your organization's Microsoft 365 environment or for subject rights request for data beyond Microsoft 365, currently in preview. The solution provides automation, insights, and workflows to help organizations fulfill requests more confidently and efficiently.

Nearly all interactions with companies, service providers, websites, programs, and apps are conducted digitally, which has resulted in an explosion of data belonging to individuals. It’s never been more important for organizations to meet the requirements of data privacy regulations to provide the right type of consent and notice around the collection and use of personal data.

Consent models refer to the approaches used by organizations to obtain, manage, and record user consent for the collection, processing, and sharing of personal data. These models are crucial for ensuring that organizations comply with privacy regulations.

Priva Consent Management is a regulatory-independent solution for streamlining the management of consented personal data. Consent management empowers organizations to effectively track consumer consent across their entire data estate.

Consent management provides customizable consent models that allow you to add branding and style elements specific to your organization. Consent models also support adding, importing, or machine-generating language translations to support visitors in multiple regions who have different language requirements. The consent models you create don’t need to be created for specific websites, meaning you can use the same model across your public domains.

When you’re ready to publish your consent models, a centralized process allows you to publish consent models at scale to multiple regions.

Privacy Assessments (preview)

Organizations today face significant challenges in maintaining current justified documentation of data usage across their data estates. The assessment of personal data use often involves manual and time-consuming tasks like generating and updating custom questionnaires as well as monitoring data use across the business. As a result, privacy impact assessments are performed after the fact or quickly become stale, failing to accurately reflect the current state of data use within the organization.

Priva Privacy Assessments automates the discovery, documentation, and evaluation of personal data use across your entire data estate. Using this regulatory-independent solution, you can automate privacy assessments and build a complete compliance record for the responsible use of personal data.

Tracker Scanning (preview)

Web tracker compliance refers to the adherence of websites to legal and regulatory requirements regarding the use of web tracking technologies. These technologies, such as cookies and other tracking mechanisms, are used to monitor and collect data about users' activities on a website.

Many organizations find it challenging to effectively manage and monitor web tracker compliance. Navigating the intricate realm of tracker compliance is a complex and often burdensome task due to the swift evolution of technology, the proliferation of websites, and the evolving landscape of privacy regulations.

Priva Tracker Scanning empowers organizations to automate the identification of tracking technologies across multiple web properties, driving the efficient management of website privacy compliance. With Tracker Scanning you can automate scans for trackers, evaluate and manage web trackers, and streamline compliance reporting.

Priva portal (preview)

The new Priva portal (preview) has a unified experience that streamlines navigation for all Priva solutions and provides a single-entry point for settings, search, and roles and permissions management.

The classic Microsoft Purview compliance portal doesn't support the newest solutions currently in preview: Consent Management, Privacy Assessments, Tracker scanning, and Subject Rights Request beyond Microsoft 365.

Screenshot of the Priva portal landing page.