Microsoft today announced the general availability of Privacy Management for Microsoft 365, a tool designed to help organizations gain visibility into privacy risks, automate privacy operations and subject-rights requests, and educate employees on how they should properly handle data.
The news arrives as the data privacy regulation landscape grows increasingly complicated, with new laws emerging in countries such as China and India, and currently 26 different laws across the United States, Vasu Jakkal, corporate vice president of security, compliance, and identity at Microsoft, wrote in a blog post. Privacy Management aims to simplify a complicated issue.
A major hurdle organizations face in managing privacy is understanding where personal data is stored, especially in an unstructured environment. Sixty percent of companies still use manual processes to maintain data inventory and mapping, mostly using email, spreadsheets, and in-person communication, wrote Shilpa Ranganathan, corporate vice president of mobile and modern productivity experiences, in a separate post, adding this is "costly and ineffective."
Privacy Management automatically discovers personal data in organizations' Microsoft 365 environments using "data classification and user mapping intelligence," she wrote. Businesses can see an aggregated view of their privacy posture including volume, category, location, and movement of personal data within their environments, as well as the status and trends of privacy risks that come from personal data being overshared, transferred, or unused.
Admins can use the tool to automate their privacy operations, such as detecting if personal data is shared across departmental or geographical borders — if detected, the transfer can be blocked, or remediation steps provided, so admins can apply additional protection and stay compliant.
Regulations like the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) give individuals the right to know which information businesses have about them. Responding to "data-subject requests" can be burdensome. Privacy Management helps to automate and manage subject requests at scale by locating the person's data, identifying data conflicts, enabling communication via Teams, and adding review and redact capabilities.
From an education perspective, admins can customize privacy policies so data owners receive recommended steps to mitigate their risk within Microsoft applications. These steps are delivered either contextually, via emails sent in Microsoft Outlook, or in the moment, via Teams chats.