Data protection with Viva Insights

Microsoft Viva Insights produces useful insights about how your organization and employees function. It does this by analyzing Microsoft 365 collaboration data and organizational (HR) data that you provide through an upload or that's presented in Microsoft Azure Active Directory (Azure AD). Because of the potential sensitivity about how data could be used, successful implementation and use of Viva Insights require careful thought and planning with regard to data protection.

The following resources help answer key questions about how Microsoft protects employee privacy and supports compliance with local regulations, such as the General Data Protection Regulation (GDPR) when data is processed for Viva Insights.

Personal insights

Depending on your role, the following guides describe how the data processed in Viva Insights apps keeps your personal data private and protected.

• For users: Privacy guide
• For admins: Privacy guide for admins

Manager, leader, and advanced insights

Based on your role, the following information explains how Microsoft protects employees' privacy when processing the data that the Viva Insights features use for manager, leader, and advanced insights.

• For leaders, admins, program managers, group or people managers, and analysts: Data-protection considerations
• For leaders, admins, and analysts: Data access after license expiration
• For admins and analysts: Privacy and data access

More about advanced insights

If your organization uses advanced insights and analysis in Viva Insights, the following information provides more details about different aspects of data protection, privacy, and access.

• Roles and responsibilities – Read about the concepts of data controller, data processor, and data subject, and their origins in European privacy law.
• Types of data used in analysis – Provides an overview of the different types of data that can be included and used in calculations.
• De-identification of personal data – Describes how Viva Insights de-identify personal data by using pseudonymization and other techniques, such as aggregation.
• Differential privacy - Describes what differential privacy is and how is it used in Viva Insights to keep individual data private.
• Data-privacy recommendations – Guidelines that are based on Microsoft's experience working with customers, worker councils, and legal and privacy teams.
• Decide what data is used and who gets to see it – Describes what adjustments you can make, such as how to change the data your organization provides or how to keep sensitive data (like confidential email or meetings with specific subject lines) from becoming available for analysis.