Create a subject rights request
Subject rights management administrators can open new requests via Priva’s main Subject Rights Requests page. A wizard will guide you through the process of finding personal data about a data subject and starting the process of fulfilling their request.
You may also choose to upload additional material to enable Priva to identify data subjects based on exact supplied data values. To learn more, see Data matching for Subject Rights Requests.
Priva Subject Rights Requests supports three different types of requests:
Access: Provides a summary of the data subject’s personal information held by your organization in Microsoft 365.
Export: Provides a summary and an exported file of content items that contain the data subject’s personal information. These are the items reviewed and marked as Included during your review of the data collected by your search settings.
Tagged list for follow up: Generates a summary of any files that were tagged during data review that may require additional action outside of Priva. For example, you may need to facilitate deletion of the data subject's personal information according to their request. You can view the included tags and set up custom tags for your organization in Priva settings.
Getting started with your first request
When you start a trial or subscription of Subject Rights Requests, we offer a simple, out-of-box setup for your first request that uses default settings. This setup can help you explore the subject rights request workflow and get familiar with its functionality.
The first time you arrive at the Subject Rights Requests page, you'll see a banner at the top with a Get started button. When a user selects this button, a flyout pane appears with that user's information pre-populated into the name and email fields, and shows all the default settings.
Exploring request functionality with your information: Trying out a subject rights request based on your own information can help you gain familiarity and comfort with moving through each stage of the process. You'll see what a default search yeilds and can practice refining results by adjusting search settings. On the Data collected tab, you can review items in the preview area to the right and practice redacting text, applying tags, entering notes, and marking items to include or exclude for the final report (find details at Review data for a subject rights request).
- You don't have to use your information to create your first request. If you're ready to start a request for a data subject, simply replace your name and email address with the data subject's information.
To accept all settings and create the request, select Create. The pane will close and you'll see your new request listed on your Subject Rights Requests page. To change any of the default settings before creating the request, select Edit request details, which puts you into the subject rights request creation wizard.
Any request you create will count toward your trial or paid subscription allotment, regardless of which data subject's information is used for the request. The standard 30-day data retention period applies after the request is closed. Learn how to change retention periods for subject rights requests.
Use the subject rights request creation wizard
- In the Microsoft Purview compliance portal, go to the Priva section and select Priva Subject Rights Requests.
- To start a new request, select Create a request.
- Identify the data subject who made the request and specify their relationship to your company.
- We'll run a default search for items related to the data subject. If you want to refine your search or get an estimate before we retrieve data, you can make those selections at this stage. You can also leave all items blank and move onto the next step. For more information on your options, see Define search settings and Refine your search.
- Choose a request type based on what the data subject wants you to do with their data. If their request relates to a specific data privacy regulation, you can also select it from a provided list to add more context. Setting a deadline (required) makes it easy to sort for approaching or overdue requests and resolve them in a timely manner. Request types include:
- Access: Provides a summary of the data subject’s personal information held by your organization in Microsoft 365.
- Export: Provides a summary and an export of the data subject’s personal information, as collected and annotated during review.
- Tagged list for follow up: Generates a summary of any files that users tag during review that may require additional action outside of Priva. For example, you may need to facilitate deletion of the data subject's personal information per their request. Custom data review tags for subject rights requests can be managed in global Settings.
- Confirm the name of this request and add an optional description for reference.
- Review the summary of what you've entered during the previous steps. Any field can be edited before you select Create request.
For each subject rights request, you can set your search to look for data in all or specific locations within Exchange and Sharepoint. Choose a location by moving its toggle switch to the On position. You can choose to search all accounts and sites or designate specific accounts or sites within each location. Read details below about what's covered in each location.
Exchange: This option will look for data in Exchange mailboxes, and in individual or group Teams chats. You can choose to search all Exchange accounts in your organization, or select Choose accounts to select individual users from the Exchange mailboxes flyout pane.
SharePoint: This option will look for data in SharePoint sites, OneDrive for Business sites, and Teams channels. You can choose to search all SharePoint sites in your organization, or select Choose sites to select individual users from the SharePoint sites flyout pane.
For help with identifying the appropriate search terms, refer to the following topics:
SharePoint sites and URLs: Manage sites in the SharePoint admin center gives guidance on how to sort and filter sites, and how to search for a SharePoint site. Use this to find URLs to enter in the search field on the SharePoint sites flyout pane.
Teams chats and channels: Get-Team shows how to find teams in Microsoft Teams by providing specific properties or information.
OneDrive sites and URLs: About OneDrive URLs provides information about the proper format and properties for a user's OneDrive URL. Use this to help you identify OneDrive sites in your search.
We recommend carefully reviewing your selections to ensure you identify the correct data subject. For example, if you search mailboxes by name and find multiple individuals with similar names, verify the correct one before adding them to your request.
Define search settings
When you create a subject rights request, a default search will run based on your selections on the Locations page of the creation wizard. If you want to conduct a more targeted search, or if you want to choose to get an estimate of your data before content items are retrieved, you can make those selections on the Search settings page of the request creation wizard.
Advanced search options
- Refine your search: This option allows you to specify additional properties to help identify the data subject among your organization's data. After choosing this option, you'll be prompted to add more search parameters, explained below in Refine your search.
- Include content authored by the data subject: This option will look for content that has been authored by the data subject. Examples include files created by, or uploaded to SharePoint by, the data subject. Selecting this option may significantly increase the amount of data returned.
- Include all versions of items: If you selected SharePoint as a search location, the default search query will return only the current version of SharePoint items. Checking this box will return the current and all previous versions of SharePoint items, yielding a significantly larger amount of data for you to review.
The Get an estimate first option will present an estimate of how much data we expect to find before your data is automatically retrieved. When your estimate is displayed on the request's details page, you can choose to view the search results and preview a sampling of items that were discovered. If the items represent the expected results, you'll need to select Retrieve data in order to proceed with the actual retrieval of content items.
Refine your search
If you choose Refine your search on the Search settings page, when you select Next you'll be prompted to provide details for personal attributes and conditions to further target your search results. You can make additions in either or both categories. When you're done making selections in this section, the data retrieval for the request will be based on your search settings.
Add personal attributes
Enter values in the text fields for the data subject's names, nicknames, email addresses, and address. You can add other identifiers such as birth date or phone number, and text fields support multiple entries separated by a semicolon. When you're done, select Next to continue to the Conditions page.
Select the Add condition button to choose among a range of conditions to further target your search, including item name, sender and recipient names, personal data type, and whether the item was shared externally outside of your organization. The text fields support multiple entries separated by a semicolon. When you're done, select Next to save your search settings and progress to the request type setting.
Once you create your request, you’ll see it listed on your subject rights request page. To learn more about how to proceed with review, see Review data and collaborate on requests.