Privacy management for Microsoft 365 released
Microsoft on Tuesday announced the âgeneral availabilityâ retail version of Privacy Management for Microsoft 365.
Organizations that have attempted to comply with regulatory privacy requirements have often done so through manual processes. Privacy Management for Microsoft 365 is Microsoft’s solution to simplify and automate many of these processes.
Most organizations use manual processes to track data with privacy implications, according to a 2020 study by IAPP-FTI Consulting, cited by Microsoft. This study indicated that “53% of companies process topic requests manually, 42% have a partially automated process, and only 2% have automated their response,” Microsoft explained in this post from the Microsoft Tech community.
Microsoft’s privacy solution works on “Exchange Online, SharePoint, OneDrive for Business and Microsoft Teams” services, according to its description “Plans”. Organizations will need high-level type E5 licenses to use it, according to Microsoft 365 security and compliance license document.
Privacy Management for Microsoft 365 uses artificial intelligence to assess privacy risks. It also has an automated discovery process to locate sensitive data, according to the post from the Microsoft Tech community:
Privacy Management automatically and continuously discovers personal data in customers’ Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including volume, category, location and movement of personal data in their Microsoft 365 environments. Additionally, they get visibility into current state and data. trends in associated privacy risks resulting from the sharing, transfer or non-use of personal data.
The discovery process apparently extends to data from older systems that affect Microsoft 365 services. For example, Microsoft case study is the Swiss pharmaceutical company Novartis, which has 20-year-old systems to maintain with potentially sensitive data. Novartis has adopted Privacy Management for Microsoft 365 for this purpose.
Privacy Management for Microsoft 365 adds three features for organizations overseeing privacy issues. First, it identifies the risks and where personal data is stored. Microsoft’s example is the communication of credit card numbers, which the system will block in some cases. Second, it allows organizations to automate their responses to âobject rights requests,â which is the term used by the European Union in the General Data Protection Regulation for third parties requesting personal information stored by a third party. organization. Finally, Microsoft suggested that Privacy Management for Microsoft 365 help educate employees about handling privacy-sensitive information.
The second element of Privacy Management for Microsoft 365 – automating responses to object rights requests – may include Microsoft partner support for data stored outside of Microsoft 365. Here’s how the announcement went expressed this point:
We’re also excited today to partner with leading privacy software companies – OneTrust, Securiti.ai, and WireWheel – to extend object rights management capabilities to personal data stored outside of the Microsoft 365 environment, allowing clients to have a unified and streamlined response to requests from subjects.
Partner Support uses an application programming interface (API) for Microsoft’s privacy management solution, which has reached general availability, per this Microsoft API announcement. The Microsoft Privacy Management API allows organizations to use their own customizations as well. It also includes built-in Power Automate workflows.
Two included Power Automate workflows were described in the API announcement, namely:
- Integrate requests for object rights with an internal privacy solution or designed by a partner
- Automate privacy workflows and create calendar reminders, find files with specific tags, and track topic requests in ServiceNow
Privacy Management for Microsoft 365 is currently offered as an “add-on to a Microsoft 365 or Office 365 subscription” at the E5 level.