Data-protection considerations

Workplace Analytics and data protection in your organization

Microsoft Workplace Analytics analyzes email, meeting, call, and instant message data from Office 365 collaboration data and organizational (HR) data that you provide. This data pertains to individuals, who have a right to understand how their data is used. Those who control and process this data have a responsibility to understand how it is analyzed and stored and to carefully plan how to protect it.

Note

For more in-depth information, see Data-protection considerations when using Workplace Analytics.

Roles and responsibilities

The concepts of data controller, data processor, and data subject provide a useful framework for thinking about data protection when using Workplace Analytics.

  • Your organization’s role: Data controller. The data controller determines the purposes and means of processing a data subject’s personal data. When using Workplace Analytics, your organization is the data controller because it determines whether, how, and why Workplace Analytics will process any personal data. For more information, see Data controller.

  • Microsoft’s role: Data processor. The data processor is a party that processes personal data on behalf of the data controller. When your organization uses Workplace Analytics, Microsoft is the data processor. For more information, see Data processor.

  • Data subject and personal data. A data subject is an individual who can be identified through personal data. In the context of Workplace Analytics, the data subject is an employee or other user in your organization whose personal information is being processed. Personal data is any information that directly or indirectly identifies a person (the data subject).

Data-privacy recommendations

Consider implementing the following data-privacy recommendations before you begin using Workplace Analytics.

  • Decide which data types to include: Before you start an analysis in Workplace Analytics, consider whether you must include personal data or whether you could use other data that cannot be used to identify specific individuals. For more information, see Types of data for analysis in Workplace Analytics.

  • Develop a clear analysis plan: You must understand clearly what you want to analyze and why. After you determine what specific questions about your organization you want to answer, consider how Workplace Analytics might help you find those answers. For more information, see Develop a clear analysis plan.

  • Consider a DPIA: If your proposed use of Workplace Analytics involves processing personal data in a way that could lead to high risks to the rights of employees and other users in your organization, consider completing a data protection impact assessment (DPIA). For more information, see Determine whether to complete a data protection impact assessment (DPIA).

  • Use aggregated or anonymized data: To minimize privacy risk, use the minimum data necessary to conduct your research. Note the inherent trade-off: You can, for example, adopt a strict policy that never uses personal data, but this restricts the analyses that Workplace Analytics can perform. For more information, see Use aggregated or anonymized data whenever possible.

Decide what data to use

You have full control over what data to include in analysis using Workplace Analytics. The primary data source is Office 365, but you supplement it with HR and other data from your organization so that you can group information by job title, location, or other attributes.

  • Data provided by Microsoft Office 365: Workplace Analytics uses header information from Office 365 email and calendar items. This information includes the sender, recipient, date, and subject line for email, and the organizer, attendees, and duration for meetings. For more information, see Data provided by Microsoft Office 365.

  • Privacy capabilities in your control: You decide which users’ mailboxes to include in your Workplace Analytics study. You can apply multiple controls over this data to limit it further. For more information, see Privacy capabilities in your control, Workplace Analytics privacy and data access, and Assign roles to Workplace Analytics admins and analysts.

  • Data provided by your organization: You control what other information you want to be included in Workplace Analytics analyses. You must balance the benefits of analyzing along organizational lines with the risks of including the data required to make those analyses. For more information, see Data provided by your organization.

  • Who can see the data: You control who gets to see the data and the results of the analysis. Like other products that work with sensitive data, such as HR systems, Workplace Analytics is not meant for the general workforce. Rather, its users are expected to have been trained in handling sensitive information. For more information, see Who can see the data.

Handle data-subject requests

Under the General Data Protection Regulation (GDPR), data subjects may have rights to request exclusion from processing, access, correction, or deletion of their personal data. As the data controller, your organization must evaluate whether a particular data-subject request is valid and then, if appropriate, take action to fulfill it. For more information about the following request types and how to fulfill them, see Workplace Analytics support for handling data subject requests.

  • Exclusion from processing: Data subjects have the right to have their personal information excluded from processing.

  • Access: Data subjects have the right to demand what personal information is being processed, and Workplace Analytics gives you the ability to export the raw data, which may contain personal data.

  • Correction: Data subjects have the right to rectify their personal data. Workplace Analytics only performs operations (mostly arithmetic) on data provided to it from other sources, such as email and meeting data from Office 365 or the organizational data that you upload. This data is not corrected through Workplace Analytics.

  • Deletion: Data subjects can ask for their personal data to be erased. If a user wishes to have their data removed from a study after the study is completed, then you can expunge that user’s personal data from the raw datasets that were previously processed.

  • Transparency regarding processing: Metric descriptions discusses in detail the metrics calculated by Workplace Analytics, and what they mean.

Additional Resources