Priva Subject Rights Request
Subject Rights Request (previously known as Data Subject Requests) is a feature geared toward helping organizations identify and manage personal information in their organization as requested by individuals. Europe’s GDPR is one of the more well-known regulations, which requires organizations to identify and remove private information upon request.
Microsoft Priva Subject Rights Request can process four types of data requests:
- Access: A summary of the data subject’s personal information stored in your Microsoft 365 tenant.
- Export: A summary of the data subject’s personal information as well as an exported file of the content items that contain the data subject’s information. Items can be tagged as Included (sometimes referred to as responsive or matching) in the subject rights request.
- Tagged list for follow-up: This option generates a summary of files tagged during a previous content review.
- Delete: Deletes the content (after review and approval) matching a data subject request.
Subject rights requests can be created via templates with pre-selected settings for different scenarios (Current employee, Former employee, Customer, Prospective employee, or Other). The templates describe the relationship between the organization and the data subject. See Figure 10.11:
Figure 10.11 – Creating a data subject request from a template
After the data has been identified, you can refine your search using familiar filtering features such as sender and recipient names. You can also add refinements for the personal data type as well as whether the items were shared outside the organization. The results are saved in an Azure Blob Storage container.
The Subject Rights Request process also allows you to add content retrieved from sources stored outside of the Microsoft 365 platform. The review process provides mechanisms to tag items as Include (part of the subject rights request) or Exclude (not matching the subject rights request).
Priva Subject Rights Request is a powerful tool that helps organizations fulfill all manner of data subject request activities. Next, you’ll look at how the new insider risk management (IRM) features of Microsoft 365 fit into the compliance story.