Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Priva Privacy Risk Management gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you:
- Detect overexposed personal data so that users can secure it.
- Spot and limit transfers of personal data across departments or regional borders.
- Help users identify and reduce the amount of unused personal data that you store.
Privacy Risk Management offers built-in templates for these scenarios to help you easily create policies. You can also fine tune your approach by creating custom policies, using any of these templates as a starting point.
When policy matches are found, admins can review alerts about the findings and make decisions about how to handle the data by creating issues for further action by your users. To learn more, see Investigate and remediate alerts in Privacy Risk Management.
Learn about key risk scenarios
Privacy Risk Management's policy options help you address two key areas of privacy concern.
Limit data overexposure
Data overexposure policies can help you detect and handle situations in which data that your organization has stored is insufficiently secure. For example, if access to an internal site is open to too many people or your permissions settings haven't been maintained, personal data stored on that site may be vulnerable to a breach. Data overexposure policies can evaluate your data for these risks and alert you to potential issues.
Privacy Risk Management can alert you about data overexposure for content items that are accessible to the public or have their access restricted by your organization. Privacy Risk Management also offers remediation options that help your users resolve any issues that are found. For data overexposure, these include making content items private, notifying content owners, or tagging items for further review.
Learn how to create a data overexposure policy.
Find and mitigate data transfers
Transferring personal data presents risks, especially when transferred outside of your organization, or sent between certain departments or across regional borders within your organization. For example, if the data is sent via unencrypted emails or to unauthorized recipients, the data may no longer be secure. Data transfer activities like these can have regulatory impact or may violate established organizational privacy practices. Using data transfer policies in Privacy Risk Management can help you spot and limit such transfers.
Data transfer policies allow you to monitor for transfers between different world regions or between departments in your organization, as well as transfers outside of your organization. When a policy match is detected, you can take corrective action, such as making content items private or tagging items for further review.
Learn how to create a data transfer policy.
Explore privacy risk management pages
The privacy risk management solution in the Priva portal contains the following pages:
Overview page: The Overview page provides setup tasks and recommended actions to help get you started.
Policies: The Policies page is the starting point to create, view, and manage your policies.
Alerts page: The Alerts page lists all policy alerts and provides current status and trends over time. Learn more about alerts.
Reports page: The Reports page presents a consolidated view of key insights, policy trends, and classification information about your organization's data. Learn more at Find and visualize personal data.
Next step
Visit Privacy Risk Management policies to learn how to create policies that address these key privacy scenarios.