Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.1 More than ever, people have a high awareness of their privacy, their digital footprint, and, most importantly, how the organizations they work with treat both. According to Gartner®, by the end of 2024, three-quarters of the world’s population will have personal data covered by modern privacy regulation.2 People exercise their privacy rights either explicitly, through actions like subject rights requests, or implicitly, through declining to do business with organizations that they do not trust. For organizations committed to respecting the privacy rights of individuals, it can be challenging to implement requirements and controls needed to meet data privacy needs.
Microsoft respects the vital role that privacy plays with customers. We provide solutions that help organizations meet their privacy obligations, and today we are excited to announce enhancements to Microsoft Priva.
Protect personal data, automate risk mitigation, and manage subject rights requests at scale.
Microsoft Priva brings automated functionality to help organizations meet adapting privacy requirements related to personal data. Today, Microsoft Priva offers two solutions:
Microsoft Priva Privacy Risk Management
Microsoft Priva Privacy Risk Management helps organizations manage privacy risks related to data hoarding, data overexposure, and data transfers, and empowers employees to make better data-handling decisions. Priva Privacy Risk Management supports organizations by:
Microsoft Priva Subject Rights Requests
Depending on where you are in the world today, there will be varying privacy regulations that impact your business, and even if you’re not impacted much today, chances are that it’s a matter of time before they are enabled. Many of these privacy regulations empower people to exercise their rights over their data, requesting that the organizations they do business with or work for provide a log of all personal data collected. For organizations, the process of completing subject rights requests can be a manual, complex, time-consuming, and expensive process, that is also time bound. Microsoft Priva Subject Rights Requests help organizations manage requests at scale and with confidence by:
Updates to Microsoft Priva include added customization, better insights, easier collaboration, powerful review options, and so much more.
The data minimization policy in Privacy Risk Management has been a highly resonating privacy scenario. With this update of day zero insights, admins will be able to view data minimization policy insights 72 hours after starting Priva, with a view of data up to the past 90 days. Previously, customers would have waited at least 30 days to catch policy matches. With a better history of data, privacy admins can understand privacy trends better, and use these data points to strategize the best approach for their organizations.
Microsoft Purview Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Now available is Microsoft Priva working hand-in-hand with Compliance Manager. With this update, admins can take specific actions within Microsoft Priva that achieve points that count toward assessment completion and increase the overall compliance score. Examples of actions that can detect and provide credit include admins setting up a Privacy Risk Management policy, or enabling data retention limits for a subject rights request—prompting collaboration that yields better together productivity.
Figure 1. Visual of Compliance Manager recognizing actions taken within the Priva solution in the “improvement actions” section of Compliance Manager.
Additionally, insights from Compliance Manager will now populate within Priva itself. This update brings recommendations on actions that will help admins align to regulations and improve their score in Compliance Manager.
Many regulations, including General Data Protection Regulation and California Consumer Privacy Act include the right to be forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. Today, we are excited to share that Priva Subject Rights Requests delete is now generally available—admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion (leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management). This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access the reports tab where they can view their summary report and review results.
Figure 2. Stage three of five of a delete subject rights requests in progress within the Priva Subject Rights Request solution.
Watch this short video to see Priva Subject Rights Requests delete in action.
As the data protection landscape continues to shift, many organizations are working to prioritize the privacy needs of a data-driven world. We welcome you to learn more about how Microsoft Priva can help and invite you to try Microsoft Priva free today.
Visit our latest Tech Community Priva blog for additional Microsoft Priva updates and details.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
1From Privacy Vulnerability to Privacy Resilience, Microsoft. August 2022.
2Gartner®State of Privacy: The Privacy Tech Driving a New Age of Data Wealth. August 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.