Create and manage a delete request
A delete request in Subject Rights Requests allows you to mark content items for deletion from your Microsoft 365 environment. After collaborators identify items that should be deleted during the data review process, specified approvers can approve the request. When the delete request is approved, a delete workflow process begins for the items marked as Include to carry out the deletion within 30 days after approval.
Delete requests aren't available for US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers.
The basic process for reviewing and approving items for deletion is outlined below.
- A subject rights request admin creates the delete request and specifies one or more approvers. The request then advances to data estimate and retrieval.
- Collaborators review data collected and mark as Include the items to be deleted.
- Collaborators complete their review and notify approvers that the request is ready for approval.
- Approvers review the request and decide to either Approve the request to move it forward and begin the delete workflow, or Recommend changes, which stops the approval flow and allows collaborators to make adjustments and resubmit for approval.
Understand progress stages for delete requests
A delete request moves through the same primary progress stages that access and export request types move through, with some extra stages related to the approval process.
Unique to delete requests is the Approval substage of the Review data stage. The Approval substage is active after collaborators complete their review, as described below in Steps for collaborators. When this stage is active, approvers can perform their review as described below in Steps for approvers.
The list below highlights progress stage differences to be aware of:
Overview tab: The Overview tab on a delete request details page will show other status cards.
Approval status card: Shows how many items were included by collaborators for delete, the approval status, and the approvers assigned to the request.
Items included for deletion card: Shows the location breakdown of items included for deletion.
Action summary card: Shows the completion status of the delete workflow. The card also shows the number of items included for deletion and any items remaining, which are items pending in the workflow process or which failed to have a delete label applied.
Creating a delete request
To create a delete request, you'll generally follow the same process for creating other types of requests. The primary difference is that you'll need to assign an approver for the request.
Approvers for delete requests
When you create a delete request, you must assign at least one user in your organization as an approver for that specific request. The approver's role is to perform a request-level approval for deleting items marked Include. The approver can recommend changes if they can't approve the request as-is.
You have flexibility in who you assign to any given request. An approver could be a privacy manager or someone who's responsible for data deletion in your organization. An approver can be the same user who created the request. However, any approver must be assigned as such within the request.
You can designate multiple users in your organization as approvers for a request. Having multiple approvers is useful to balance work and provide out-of-office coverage. However, only a single approver can provide approval on a request. In case of multiple approvers, the first one to approve will initiate the delete workflow process.
A user with the Subject Rights Request Admin role can add or change approvers after a delete request is created. From a request's details page, select View request details on the Details card, find Approver and select Edit. From here, you can remove approvers by unchecking the box next to their names, and add other users as approvers.
See Steps for approvers for details on how to approve a delete request.
Creating a delete request from a template
In general, you'll follow the same steps for creating requests from a template, with the following extra steps:
- From the list of data request templates, find Data deletion and select Get started.
- Under Assign approvers, begin typing the name of one user who should approve this request for items to be deleted. You can select multiple users, but must select at least one.
Creating a delete request from the custom setup option
When you create a delete request using the custom setup option for a guided process, you'll follow the same instructions outlined for Custom setup, with the following extra steps:
Within the request creation wizard, on the Select the type of request page, select the button next to Delete. Then select Next.
At the Request settings page, assign one or more users to serve as approvers for the delete request. Select Assign approvers, and on the Assign approvers flyout pane, check the box next to the name of one or more users. When done, select Add.
The names of your chosen approvers will appear on the Request settings page. Select the Edit command if you need to make any changes. When you're done assigning approvers, select Next.
You'll then proceed to name your request and finish the request creation process.
Delete workflow and how items are deleted
When your organization successfully creates its first delete request, Priva creates a retention label with an outcome of delete named PrivaDelete. Once an approver approves a delete request, the delete workflow begins. Each content item marked as Include is evaluated to determine if there's a conflict that would prevent deletion. If there's no conflict, the Priva delete label is applied to the item to facilitate deletion.
Why some items might not be deleted
In some cases, the Priva delete label won't be applied to an item. This might happen for the following reasons:
- The content item is stored in a location that isn't supported by retention labels.
- The content item already has a retention label applied, in which case the Priva delete label won't be applied. Items with a retention label are highlighted for you as a Priorty item to review.
- The content item can't be found, such as items that are manually moved or deleted.
If any issues interrupt the application of the delete label to qualified items, application of the label will automatically be retried. If the label can't be applied after three days, the workflow process continues on to a Completed stage.
The Action summary card on the request details page will show the number of Items remaining, which means items that didn't get the label despite having no known conflicts. To see which items had conflicts or failures, review the action execution log. Remaining items will have an Action status value of False and an Action Status Details value indicating the reason the label wasn't applied.
When deletion happens after workflow completion
The Action summary card status moves to Completed after the delete workflow logic of applying the delete label is complete and reports are ready. A Completed status does not mean that the items have been deleted. Deletion of labeled items without conflicts can take up to 30 days after approval.
After the request moves through the generate reports stage, you can verify whether the delete label was applied or not by reviewing the content item listing on the action execution log on the Reports tab of the request's details page. We recommend spot-checking your Microsoft 365 environment within 30 days of a request's approval to verify deletion occurred.
How Priva works with Microsoft Purview Data Lifecycle Management
If your organization uses Purview data lifecycle management capabilities, such as retention labels to retain documents for regulatory purposes, the delete request workflow abides by your current settings. The PrivaDelete label won't be applied to items that have an existing retention label. When the Priva delete label is applied to an item, the retention platform performs conflict resolution based on the principles of retention. If an item marked for deletion conflicts with an existing retention or records label, your subject rights request admin has visibility into such conflicts through the action execution log. This visibility can help the admin address issues with your organization's data lifecyle management or records management admins, and respond back to the data subject as to why certain items couldn't be deleted.
Completing a delete request
Delete requests follow the same data estimate and retrieval process as all other requests. When a collaborator reviews data, they'll designate which content items to delete by marking items as Include during data review.
Collaborators and approvers must complete extra steps that are unique to delete requests. The responsibilities for each role are outlined below.
Steps for collaborators
When the Retrieve data stage is complete, collaborators should follow the steps below as they work on the Review data stage of a delete request. Collaborators who don't hold the Subject Rights Request Admin role will need the request creator to send them a direct link to the request's details page in order to view and work on the request. Get details at Collaboration for data review.
When a delete request is created, the subject rights request admin who created the request is the only collaborator initially. The request creator, or another subject rights request admin, can add more collaborators.
|Step||Explanation||Action to take|
|1. Review data collected.||Collaborators review all the items gathered on the request's Data collected tab and decide what to include for deletion.||Select an item's name from the list and in the content review area to the right, review its content. If the item should be deleted, select the Include command at the top of the item list, or from the three-dot action menu next to its name, or from the button at the bottom of the review area. Mark the other items as appropriate according to the data review process.|
|2. Complete review.||When you've marked as Include all items that are in scope for deletion, select the Complete review button in the upper-right corner of the screen. A flyout pane summarizes the files included for deletion, displays the approvers, and provides a notes field.||Select Complete review in the upper right of the screen. On the Submit reviewed data for approval flyout pane, review the summary of items for deletion, add notes for approvers, and select Complete review.
If you include an item that has a retention label applied, its review status will show as "included" but it won't be deleted by the delete workflow; review details.
|3. Notify approvers.||Now you notify approvers that the delete request is pending their approval. Approvers aren't automatically notified when a request is ready for their approval.
The Progress card on the request details page shows an Approval substage underneath Review data. An Approval status card shows the approval status as Pending. The Data collected tab is read-only until an approver finishes their review.
|Go to the request details page. In the upper-right of the screen, select the Share dropdown menu and choose Copy link, which copies a direct link to the request. Let the approvers know that the request is ready for their review, and provide them the link to the request. Refresh the request details page to see the updated status cards.|
|4. Check for approval.||When the approver completes their review, they may approve the delete request or they may recommend changes. Follow the instructions at right depending on the result.||If approved: Wait for the delete workflow actions to complete, review reports to facilitate internal and external communication as appropriate.
If not approved: The request details page displays a message that the approver recommends changes, and the "Approval" state in the progress card will no longer be active. Visit the Data collected tab, which is now unlocked. Filter by tag(s) the approver has used and/or view the file notes left by the approver on content items. You can discuss and adjust as needed. When you're done, select Complete review in the upper-right corner of the request details page. Let the approver know they can review the request for approval.
When the approver completes approval and approves the request, the Review data stage is complete. The delete workflow begins automatically, and the request moves to the Generate reports stage.
Once the request is approved, the delete process will automatically start and can't be canceled.
The request details page now shows an Action summary card showing the number of items to be deleted and the status of the delete workflow as In progress or Completed. A Completed status means that the delete workflow process has been completed. Some items might not be eligible for deletion due to a conflict. We suggest checking the action execution log to verify items that Priva was able to successfully apply its delete label.
Steps for approvers
A collaborator will send approvers a direct link to the request when they're ready for you to review it for approval. At this point, the request is in the Review data stage with an active Approval substage. When you get the link, copy and paste it into your browser and follow the steps below.
|Step||Explanation||Action to take|
|1. Find items for deletion on the Data for approval tab.||On the request's details page, the Data for approval tab lists all the items that collaborators marked for deletion. This tab is unique to delete requests, and only appears for approvers. If the page shows No items included for deletion approval yet, that means the collaborators haven't finished their review. Items will appear once collaborators select Complete review.||Select the Data for approval tab to start your review.|
|2. Review all items.||The list shows only the items marked as Include during the collaborators' data review process.||For each item, you can select its name from the list and review its content and any file notes, in the content review area to the right.|
|3. Recommended changes if necessary.||If you determine the request can't be approved as-is, use tags and notes to communicate what changes are needed in order to approve.||Select one or more items, then select the Apply tags command above the list of items to apply a tag. You can add notes when you apply a tag to provide more guidance and context. You can also add a file note for individual items in content review area to the right.|
|4. Advance the process.||When you're done reviewing the request, select Complete approval in the upper-right of the screen. An Approve request or recommend changes flyout pane appears, which summarizes the files marked for deletion. In the Note section, you can add more notes for collaborators.||If you approve the deletion: Select Approve on the flyout pane. This action will complete the Review data stage and kick off the workflow to begin the deletion process. Your work on the request is now finished.
If you don't approve the deletion request: Select Recommend changes on the flyout pane, and use the notes field to communicate any tags you used on files and summarize recommendations. The request remains in the Review data stage. The collaborators will receive a message at the top of the request details page that you recommend changes before approval. Collaborators can discuss and adjust as needed, complete review, then notify the approvers that the request is ready for approval. You can then review the request again.
Once you give your approval, your tasks as an approver are complete. Your Data for approval tab moves into a read-only state, which means you can't change the status of items, apply tags, or enter notes. The delete workflow begins automatically, and the request moves to the Generate reports stage.
Once items are approved for deletion, the delete process starts automatically and can't be canceled.
Action execution log report
The action execution log is a report generated once the delete request has advanced through the Generate reports stage. The report is a downloadable CSV file found on the Reports tab of a subject rights request's details page. Each approved item that was marked as Include during data review appears in a row of the report.
Each line in the report shows the item's ID, which is a unique identifier for the file, and columns of data explaining what happened to that item in the delete process.
Review the action execution log to verify the activities related to content items. The columns in the CSV file include:
- Approval UPN: The user who approved the delete request.
- Approval date: The date approved.
- Action: The value "ApplyRetentionLabel" is the application of the Priva delete label.
- Action status: A value of True means the label was applied. A value of False means the label wasn't applied.
- Action Status Details: When the action status is "False," this column lists the reason a label couldn't be applied. For example, the item's location doesn't support retention labels, or the item had an existing retention label, or another failure prevented the application of the label.
- Action date: The date the action was applied.
The action execution log includes an item's immutable ID, path, sender/author, and subject/title. This list can be a helpful reference when checking whether items approved for deletion were labeled with PrivaDelete, as well as for validating deletion. The list may also help if other stakeholders in the organization need to handle items that were skipped due to a conflict. If you plan on downloading and keeping this file for future reference, we recommend purging any personal data from the file, which may be found in the Path, Sender/Author, and Subject/Title columns.
As with all other reports, the action execution log is deleted 30 days after the request is closed, unless you've chosen the 90 day option for your data retention period. See Retention periods for reports and data.