Learn about privacy management

Privacy is top of mind for organizations and consumers today, and concerns about how private data is handled are steadily increasing. Governments, industries, and other regulatory bodies have established privacy management laws and standards that must be followed. These regulations include practices around how data is stored and shared and the rights of individuals to control their own personal information. To stay compliant and follow best practices for privacy, organizations must address the challenges of managing such data.

Unstructured data is a rising trend, with information workers regularly generating content that may be subject to these regulations, and privacy issues arising from human error are common. Information workers must retain their privacy training and proactively review the content they generate to effectively change behavior and mitigate user errors. Without a privacy solution and strategy in place, gaining insights into potential risks in the content you store, the diversity of personal data in your content, and the ways that your content is shared can be a manual and challenging process for many organizations. Organizations need to take a “privacy by default” stance so they can organically meet evolving privacy standards across the globe and continue to grow as they protect their brand.

Privacy management serves this need by helping organizations safeguard the personal data they store in Microsoft 365 and build a privacy-resilient workplace. Privacy management provides tools to:

  • Proactively identify and protect against privacy risks such as data hoarding, data transfers, and data oversharing
  • Gain visibility into the storage and movement of personal data
  • Empower information workers to make smart decisions about handling this data
  • Enable users to effectively manage data and take steps to comply with evolving privacy regulations
  • Manage subject rights requests at scale

How privacy management helps your organization

Privacy management offers capabilities and tools to aid you in addressing these key privacy concerns. You can choose to purchase one or both of the risk and subject rights requests modules. For more information, see Get started with privacy management.

Find and visualize personal data

Understanding your privacy posture starts with having a thorough understanding of what content your organization is storing that contains personal data, where it lives across the services you use, and the conditions under which it's managed. Privacy management helps organizations discover personal data automatically and provides key analytics and insights to admins to help them understand the privacy issues and associated risks in their organization. The solution evaluates where personal data in your organization is stored, how this data flows, and how personal data trends over time.

These insights are presented within your Overview dashboard, which provides automatic updates about your data with important trends, and the data profile, which allows you to explore ongoing analytics. These insights help you understand privacy issues in your organization and identify actions to remediate them.

To learn more, see Find and visualize your personal data.

Manage privacy risks at scale

Complex data environments can present potentially risky scenarios for personal data. Privacy management provides tools to detect these risks, establish policies and processes for remediation, and directly notify your users about issues and recommended actions to take. In this way you can inform and educate your users, along with enabling them to handle risk mitigation within tools they use every day. This can make a lasting, positive change in your organization’s privacy behaviors.

Privacy management provides built-in, customizable templates for establishing ongoing policies tailored to these scenarios:

  • Overexposed personal data: Discover open and over-privileged personal data in your organization and prioritize remediation efforts to secure data. Easily manage access rights to this data to protect privacy and prevent inappropriate use.
  • Data transfers: Detect and manage transfers of personal data between departments in your organization or across country or regional borders. This can help reduce the risk of data exposure, or of falling out of compliance with privacy regulations and laws.
  • Data minimization: Identify personal data that does not need to be retained and prioritize remediation efforts to delete this data.

Once policies are set up, you can evaluate your data on an ongoing basis, receive alerts when policy matches are detected, and set up email notifications to your users about recommended remediation steps and training about best practices.

To learn more, see Manage privacy risks with policies in privacy management.

Efficiently fulfill personal data requests

In accordance with certain privacy regulations around the world, individuals, also referred to as data subjects, may make requests to review or manage personal data about themselves that companies have collected. For companies that store large amounts of unstructured information, finding the relevant data can be a formidable task.

Privacy management provides you with the capability to automate data subject rights fulfillment with easy access to relevant data and customizable workflows that fit into existing business processes. When you search for data related to an individual, our subject rights request solution will automatically collect data from throughout your Microsoft 365 environment and help you to review the findings and produce reports. You can securely collaborate with multiple people in your organization to complete requests. You can also customize your workflows based on your business processes with built-in templates.

To learn more, see Manage subject rights requests.

Integrate with Compliance Manager

Privacy management can work hand in hand with Microsoft Compliance Manager. Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Based on the assessments you build with these templates, Compliance Manager can assist you in understanding what steps to take to meet your organization's regulatory requirements. Taking steps in privacy management to protect the personal data you store can contribute to your privacy assessments in Compliance Manager and can help improve your compliance score.

How and where privacy management identifies items with personal data

Personal data is typically personal information that is related to a living person that can be used to identify that person. It may be a data type that can directly identify the individual, such as a name, passport number, social security number, and so on, or combinations of different data types that can be used to identify the individual. The definition of personal data or personal information may vary under applicable law, so make sure you understand the types of data for which you have legal obligations.

Privacy management utilizes foundational capabilities of Microsoft 365 to help you identify these personal data types based on your settings, through the use of sensitive information types (SIT). To review the list of all defined sensitive information types, see Sensitive information type entity definitions. Organizations that are able to create custom sensitive information types can leverage those with privacy management as well.

Privacy management evaluates your organization's data stored in the following Microsoft 365 services within your Microsoft 365 tenant:

  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Microsoft Teams

Privacy management evaluates only data within your organization's Microsoft 365 environment. It does not access personal data that is not part of the organization's Microsoft 365 environment. For example, it does not access a user's personal Microsoft 365 account.

More resources

To see a video preview of privacy management, view AI-based Privacy Management for Microsoft 365 from Microsoft Mechanics on YouTube.

For more information about how Microsoft approaches privacy and safeguards your data, see the following resources:

Next steps

To continue, see Get started with privacy management.

Privacy management legal disclaimer