Learn about privacy management for Microsoft 365
Privacy is top of mind for organizations and consumers today, and concerns about how private data is handled are steadily increasing. Regulations and laws such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) impact people around the world, setting rules for how organizations store personal data and giving people rights to manage personal data collected by an organization.
To meet regulatory requirements and build customer trust, organizations need to take a "privacy by default" stance. Rather than manual processes and a patchwork of tools, organizations need a comprehensive solution to address common challenges such as:
- Protecting the increasing amounts of unstructured data from privacy issues arising from human error
- Helping employees adopt sound data handling practices and training them to spot and fix issues
- Understanding the potential risks in the amount and type of personal data they store and share
- Fulfilling data subject requests, or subject rights requests, efficiently and on time
Privacy management for Microsoft 365 helps you meet these challenges so you can achieve your privacy goals.
How privacy management helps your organization
Privacy management provides capabilities that help you:
- Proactively identify and protect against privacy risks such as data hoarding, problematic data transfers, and data oversharing
- Gain visibility into the storage and movement of personal data
- Empower employees to make smart data handling decisions
- Enable users to effectively manage data and take steps to comply with evolving privacy regulations
- Manage subject rights requests at scale
Privacy management capabilities are available through two modules: risk, which provides visibility into your organization's data and policy templates for reducing risks; and subject rights requests, which provides automation and workflow tools for fulfilling data requests. You can choose to purchase one or both modules to suit your organization's needs. Learn more about privacy management modules.
Find and visualize personal data
Understanding your privacy posture starts with having a thorough understanding of what content your organization is storing in Microsoft 365 that contains personal data, where it lives across the services you use, and the conditions under which it's managed. Privacy management helps organizations discover personal data automatically and provides key analytics and insights to admins to help them understand the privacy issues and associated risks in their organization. The solution evaluates where personal data in your organization is stored, how this data flows, and personal data trends over time.
These insights are presented within your Overview dashboard, which provides automatic updates about your data with important trends, and the data profile, which allows you to explore ongoing analytics. These insights help you understand privacy issues in your organization and identify actions to remediate them.
To learn more, see Find and visualize your personal data.
Manage privacy risks at scale
Complex data environments can present potentially risky scenarios for personal data. Privacy management provides tools to detect these risks, establish policies and processes for remediation, and directly notify your users about issues and recommended actions to take. In this way you can inform and educate your users, along with enabling them to handle risk mitigation within tools they use every day. This can make a lasting, positive change in your organization’s privacy behaviors.
Privacy management provides built-in, customizable templates for establishing ongoing policies tailored to these scenarios:
- Overexposed personal data: Discover open and over-privileged personal data in your organization and prioritize remediation efforts to secure data. Easily manage access rights to this data to protect privacy and prevent inappropriate use.
- Data transfers: Detect and manage transfers of personal data between departments in your organization or across country or regional borders. This can help reduce the risk of data exposure or of falling out of compliance with privacy regulations and laws.
- Data minimization: Identify personal data that does not need to be retained and prioritize remediation efforts to delete this data.
Once set up, you can evaluate your data on an ongoing basis, receive alerts when policy matches are detected, and set up email notifications to your users about recommended remediation steps and training about best practices.
To learn more, see Manage privacy risks with policies in privacy management.
Efficiently fulfill personal data requests
Certain privacy regulations around the world allow individuals, also referred to as data subjects, to make requests to review or manage personal data about themselves that companies have collected. For companies that store large amounts of unstructured information, finding the relevant data can be a formidable task.
Privacy management provides you with the capability to automate data subject rights fulfillment with easy access to relevant data and customizable workflows that fit into existing business processes. When you search for data related to an individual, our subject rights request solution will automatically collect data from throughout your Microsoft 365 environment and help you to review the findings and produce reports. You can securely collaborate with multiple people in your organization to complete requests. You can also customize your workflows based on your business processes with built-in templates.
To learn more, see Manage subject rights requests.
Integrate with Compliance Manager
Privacy management can work hand in hand with Microsoft Compliance Manager. Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Based on the assessments you build with these templates, Compliance Manager can assist you in understanding what steps to take to meet your organization's regulatory requirements. Taking steps in privacy management to protect the personal data you store can contribute to your privacy assessments in Compliance Manager and can help improve your compliance score.
How and where privacy management identifies items with personal data
Personal data is typically personal information that is related to a living person that can be used to identify that person. It may be a data type that can directly identify the individual, such as a name, passport number, social security number, and so on, or combinations of different data types that can be used to identify the individual. The definition of personal data or personal information may vary under applicable law, so make sure you understand the types of data for which you have legal obligations.
Privacy management utilizes foundational capabilities of Microsoft 365 to help you identify these personal data types based on your settings, through the use of sensitive information types (SIT). To review the list of all defined sensitive information types, see Sensitive information type entity definitions. Organizations that are able to create custom sensitive information types can leverage those with privacy management as well.
Privacy management evaluates your organization's data stored in the following Microsoft 365 services within your Microsoft 365 tenant:
- Exchange Online
- SharePoint Online
- OneDrive for Business
- Microsoft Teams
Privacy management evaluates only data within your organization's Microsoft 365 environment. It does not access personal data that is not part of the organization's Microsoft 365 environment. For example, it does not access a user's personal Microsoft 365 account.
To see a video preview of privacy management, view AI-based Privacy Management for Microsoft 365 from Microsoft Mechanics on YouTube.
For more information about how Microsoft approaches privacy and safeguards your data, visit:
To begin using privacy management, see Get started with privacy management.