Get started with privacy assessments (preview)

Microsoft Priva Privacy Assessments (preview) helps your organization automate the discovery, documentation, and evaluation of personal data use. This article explains what’s required in order to access and use privacy assessments.

Confirm access to Data Map

Before you start using privacy assessments, administrators should verify their organization has access to the Microsoft Purview Data Map, as this solution utilizes core components within the Data Map.

How to access privacy assessments

Privacy assessments are located in the Microsoft Priva portal (preview). To access privacy assessments:

  1. Go to the Microsoft Priva portal (preview).
  2. Select the Privacy Assessments tile from the top row of solutions.
  3. If you don’t see the Privacy Assessments tile, select View all solutions, and underneath the Privacy heading, select Privacy Assessments.

Roles and permissions

Users need to be assigned an appropriate role in order to complete various tasks in privacy assessments.

Some capabilities in privacy assessments directly support the job of the privacy professional, or privacy admin; for example, creating and assigning assessments and drafting privacy rules. Other features will likely be used by other compliance stakeholders in your organization, such business owners and engineers, to meet their compliance obligations. These obligations might include registering a new proposed data use as a project in the Purview Data Map, relating data to be used for the project, and responding to any required assessments.

Role Related job function Description
Data Curator Privacy admin; other organizational stakeholders Can create a project in Microsoft Purview Unified Catalog and curate relationships between the project asset type and technical data assets.
Privacy Curator Privacy admin Can review all registered projects, create and edit assessments, review and approve privacy assessment responses, export assessment responses, and create privacy rules.
Privacy Reader Other organizational stakeholders Can review projects and any associated assessments but is unable to create, edit, or approve privacy objects like assessments and rules.

Visit Governance roles and permissions for more information about roles and how to assign them.

Terminology and concepts

The table below provides a brief description of important terms and concepts in the context of Microsoft Priva privacy assessments. This glossary can help you learn and use the solution tools and features quickly and effectively.

Term Description
Assessment A survey or questionnaire that can be completed to document information specific to a discrete and unique use of data.A user can build a custom assessment or begin by using a built-in template, which can be customized.
Assessment assignment The association of an assessment to a registered project, completed in the context of documenting and evaluating and specific use of data. Assessments can be assigned to a project manually or programmatically via privacy rules.
Assessment response Represents the unique assignment of an assessment to a project or other asset in your data map. Each assessment response includes details about the asset its assigned to. Business stakeholders complete and submit the assessment responses, which are then reviewed and approved by the privacy team.
Asset A discrete entity registered in the Data Map. A discrete use of data can be represented by a logical business asset, such as a project or business process (see Logical business asset in this table for details). Physical data can be represented by a table or database.
Data process Active data processing can be represented in the Data Map; for example, copy activity and data transformation. These processes can be aggregated and represented as a data pipeline or something similar, and can be related to logical business assets.
Logical business asset (for example, a project) Microsoft Purview Data Map's data model permits the registration of logical business constructs such as projects, systems, and business processes. You can create custom types specific to your organization. These asset types, instead of representing physical data, represent a logical concept and can be registered to represent unique uses of data across your organization. These logical business assets can be related to physical data (see listing in this table) to create a record of the actual data that is being used for a specific use or purpose.
TIP: Throughout this documentation, we use the term project to concisely refer to the concept of a logical business asset more broadly.
Privacy Rule A logical expression of a privacy policy used to evaluate your data map. If the conditions in your data map (such as, the presence of specific types of sensitive data in an SQL table related to a registered project asset) meet the conditions defined in the privacy rule, then the designated action is taken (for example, the assignment of a privacy impact assessment).
Related physical data In Unified Catalog, a project might be related to one or many technical and physical data assets, including servers, databases, schemas, and tables. The relationships can be customized to reflect the relationship between the project and the data asset; for example, a project that consumes a table, or project that updates a data set.

Overview page sections and cards

The Overview page in privacy assessments helps you get started with setup tasks and key capabilities.

Setup tasks

You’ll see a list of initial setup tasks to help you get started using privacy assessments. When a user in your organization has completed a task, its status shows as completed and remains in the list of setup tasks for approximately two weeks.

Create new

Selecting the tiles in this section allow you to quickly begin creating core privacy assessment objects such as new privacy assessments and privacy rules.

Next step

Before you start creating your first assessment, it's recommended that you first establish some basic relationships in the Microsoft Purview metamodel. This allows you to take advantage of privacy rules.

Microsoft Priva legal disclaimer