Privacy Management for Microsoft 365 Commercially Released
Microsoft on Tuesday announced the "general availability" commercial release of Privacy Management for Microsoft 365.
Organizations that have attempted to comply with privacy regulatory requirements have often done so via manual processes. Privacy Management for Microsoft 365 is Microsoft's solution to simplify and automate many of those processes.
Most organizations are using manual processes to track data with privacy implications, according to a 2020 study by IAPP-FTI Consulting, as cited by Microsoft. That study indicated that "53% of the companies handle subject requests manually, 42% have a partially automated process, and only 2% have automated their response," Microsoft explained, in this Microsoft Tech Community post.
Microsoft's privacy solution works across "Exchange Online, SharePoint, OneDrive for Business and Microsoft Teams" services, according to its "Plans" description. Organizations will need top-tier E5-type licensing to use it, according to a Microsoft 365 security and compliance licensing document.
Privacy Management for Microsoft 365 uses artificial intelligence to assess privacy risks. It also has an automated discovery process whereby sensitive data get located, per the Microsoft Tech Community post:
Privacy Management automatically and continuously discovers personal data in customers' Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the volume, category, location, and movement of personal data in their Microsoft 365 environments. Additionally, they get visibility into the current status and trends of the associated privacy risks arising from personal data being overshared, transferred, or unused.
The discovery process apparently extends to data in older systems that touch Microsoft 365 services. For instance, Microsoft's case study is Swiss pharmaceutical company Novartis, which has 20-year-old systems to maintain with potentially sensitive data. Novartis adopted Privacy Management for Microsoft 365 to that end.
Privacy Management for Microsoft 365 adds three capabilities for organizations overseeing privacy issues. First, it identifies risks and where personal data is stored. Microsoft's example is the communication of credit card numbers, which the system will block in some cases. Second, it lets organizations automate their responses to "subject rights requests," which is the European Union's term in the General Data Protection Regulation for outside parties requesting personal information stored by an organization. Lastly, Microsoft suggested that Privacy Management for Microsoft 365 helps educate employees on handling privacy-sensitive information.
The second element of Privacy Management for Microsoft 365 -- automating responses to subject rights requests -- can include Microsoft partner support for the data that's stored outside of Microsoft 365. Here's how the announcement expressed that point:
We're also excited today to partner with leading privacy software companies -- OneTrust, Securiti.ai, and WireWheel -- to extend subject rights management capabilities to personal data stored outside of the Microsoft 365 environment, enabling customers to have a unified and streamlined response to subject requests.
The partner support is utilizing an application programming interface (API) for Microsoft's Privacy Management solution, which has reached the general availability stage, per this Microsoft API announcement. The Microsoft Privacy Management solution API lets organizations use their own customizations, too. It includes built-in Power Automate workflows as well.
Two included Power Automate workflows were described in the API announcement, namely:
- Integrate subject rights requests with in-house or partner-built privacy solution
- Automate Privacy workflows and create calendar reminders, search files with specific tags, and track subject requests in ServiceNow
Privacy Management for Microsoft 365 is currently offered as an "add-on to a Microsoft 365 or Office 365 subscription" at the E5 level.
There's a "free 90-day trial." Microsoft also produced a video demo showing how Privacy Management for Microsoft 365 works.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.