Bewerken

Delen via


Learn about privacy risk management

Microsoft Priva Privacy Risk Management gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you:

  • Detect overexposed personal data so that users can secure it.
  • Spot and limit transfers of personal data across departments or regional borders.
  • Help users identify and reduce the amount of unused personal data that you store.

Privacy Risk Management offers built-in templates for these scenarios to help you easily create policies. You can also fine tune your approach by creating custom policies, using any of these templates as a starting point.

When policy matches are found, admins can review alerts about the findings and make decisions about how to handle the data by creating issues for further action by your users. To learn more, see Investigate and remediate alerts in Privacy Risk Management. You can also configure email notifications and, for supported policy types, Teams notifications to notify your content owners directly about policy matches. They can take corrective action from these notifications and learn more about best practices for handling data with links you provide to your own training materials. For more information, see Send user notifications in Privacy Risk Management.

Learn about key risk scenarios

Privacy Risk Management's policy options help you address three key areas of privacy concern. Whether you're using a default template or customizing it to meet specific needs, Privacy Risk Management can help you find issues in these areas and guide your users through recommended steps for remediation.

Limit data overexposure

Data overexposure policies can help you detect and handle situations in which data that your organization has stored is insufficiently secure. For example, if access to an internal site is open to too many people or your permissions settings haven't been maintained, personal data stored on that site may be vulnerable to a breach. Data overexposure policies can evaluate your data for these risks and alert you to potential issues.

Privacy Risk Management can alert you about data overexposure for content items that are accessible to the public or have their access restricted by your organization. Privacy Risk Management also offers remediation options that help your users resolve any issues that are found. For data overexposure, these include making content items private, notifying content owners, or tagging items for further review.

Learn how to create a data overexposure policy.

Find and mitigate data transfers

Transferring personal data presents risks, especially when transferred outside of your organization, or sent between certain departments or across regional borders within your organization. For example, if the data is sent via unencrypted emails or to unauthorized recipients, the data may no longer be secure. Data transfer activities like these can have regulatory impact or may violate established organizational privacy practices. Using data transfer policies in Privacy Risk Management can help you spot and limit such transfers.

Data transfer policies allow you to monitor for transfers between different world regions or between departments in your organization, as well as transfers outside of your organization. When a policy match is detected, you can send users email notifications that allow them to take corrective action right in the email, such as making content items private, notifying content owners, or tagging items for further review.

Learn how to create a data transfer policy.

Minimize stored data

Over time, companies can collect large amounts of personal data from customers or employees. Sometimes this includes data that no longer needs to be stored and is being unused. This type of data should be reduced to limit privacy risks. Data minimization policies can be used to address risks of this type.

Data minimization policies allow you to look for data that your organization has been storing for at least a certain length of time. This can help you manage your ongoing storage practices. When policy matches are found, remediation options include marking items for deletion, notifying content owners, or tagging items for further review.

Learn how to create a data minimization policy.

Explore privacy risk management pages

The privacy risk management Overview page and other pages differ based on which portal you're using:

In the new Priva portal (preview)

Privacy risk management is available in the new Priva portal (preview) and features new pages and designs.

  • Overview page: The Overview page presents a consolidated view of Key insights, Policy trends, and the top tiles that exist on the Overview and Data profile pages in the classic Microsoft Purview compliance portal as described here.

  • Policies: The Policies page in the new Priva portal looks and functions as it does in the classic Microsoft Purview compliance portal. Start on the Policies page to create, view, and manage your policies.

  • Alerts page: Policy alerts now have a direct entry point from the left navigation. The Alerts page features the same information and functionality as in the classic Microsoft Purview compliance portal. Learn more about alerts.

  • Issues page: Issues that you create from policy alerts now have a direct entry point from the left navigation. The Issues page features the same information and functionality as in the classic Microsoft Purview compliance portal. Learn more about managing issues.

  • Reports page: The Reports page presents a consolidated view of Key insights, Policy trends, and the top tiles that exist on the Overview and Data profile pages in the classic Microsoft Purview compliance portal as described here.

In the classic Microsoft Purview compliance portal

In the Microsoft Purview compliance portal, your key insights are presented on the Overview page, which provides automatic updates about your data with important trends, and the Data profile page, which allows you to explore ongoing analytics. These insights help you understand privacy issues in your organization and to identify actions to remediate them. Learn more at Find and visualize personal data in privacy risk management.

Next step

Visit Privacy Risk Management policies to learn how to create policies that address these key privacy scenarios.

Microsoft Priva legal disclaimer