Microsoft Purview · Privacy Management (Priva)
Privacy Management Analysts
Investigate privacy policy matches and view file metadata without accessing file content. Can take remediation actions and manage privacy risk cases. Ideal for privacy analysts who need to triage privacy risks without viewing sensitive content.
Scope: Privacy Risk Management investigations with metadata-only access (no file content). Can triage privacy risks and take remediation actions.
Permissions
- Investigate Privacy Risk Management policy matches
- View file metadata (name, location, owner, sensitivity label, last modified)
- View Data Classification List (metadata only - no content access)
- Take remediation actions on privacy policy matches
- View privacy risk insights and analytics
- Access case management for privacy incidents (Case Management role)
- View-Only Case access to review investigation results
- Apply tags and classifications to privacy policy matches
- Create and manage privacy incident cases
- Export metadata reports for privacy compliance
- View policy match statistics and trends
- Access Privacy Risk Management dashboards and reports
- Notify users about privacy policy violations
- Recommend policy adjustments based on investigation findings
- CANNOT view or access file content (no Data Classification Content Viewer)
Common use cases
- Triaging privacy policy matches for potential risks
- Investigating data transfer violations (cross-border, departmental)
- Analyzing data minimization policy matches
- Reviewing data overexposure incidents
- Creating privacy incident cases for escalation
- Generating privacy compliance reports with file metadata
- Monitoring privacy risk trends and patterns
- Taking initial remediation actions (notifications, policy tuning)
- Coordinating with data owners on privacy risk mitigation
- Escalating high-risk privacy issues to Investigators or Admins
- Reviewing sensitivity label compliance without content access
- Conducting first-level privacy risk assessments
- Managing privacy incident workflow and case tracking
Best practices
- Start investigations with metadata analysis before escalating to Investigators
- Use Data Classification List Viewer to understand the scope of privacy matches
- Document investigation findings and remediation actions in case management
- Escalate to Privacy Management Investigators only when content access is required
- Monitor privacy risk trends to identify systemic data handling issues
- Use notifications to educate users on privacy best practices
- Coordinate with data owners before taking remediation actions
- Review privacy policy match context before dismissing as false positives
- Create privacy incident cases for recurring or high-severity violations
- Export metadata reports for privacy compliance audits
- Use filters and search to narrow privacy policy matches efficiently
- Recommend policy tuning to Admins based on investigation insights
- Maintain separation of duties - Analysts triage, Investigators review content
- Regularly review closed cases to improve privacy policy accuracy
Security considerations
- This role CANNOT view file content - only metadata like file name and location
- Metadata alone may still reveal sensitive information (file names, owner identities)
- All investigation activities are logged in the Microsoft 365 audit log
- Case management access may reveal privacy incident details
- Privacy policy matches may indicate security vulnerabilities - coordinate with SecOps
- To preserve least privilege, Analysts should not have access to actual file content
- Escalate to Investigators when content review is necessary for investigation
- Monitor audit logs to ensure Analysts are not attempting content access
- Privacy metadata analysis may expose organizational structure or sensitive projects
- Coordinate with legal before taking remediation actions that affect users
- Maintain confidentiality of privacy incident details during investigations
- This role is appropriate for the broader privacy team - it is more restrictive than the Investigator role
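
The separation of duties described above (Analysts triage, Investigators review content) only holds if no Analyst picks up Data Classification Content Viewer through another role group. The following is an added example, not Microsoft or Purview code: it checks a constructed membership snapshot for that overlap. The dictionary shape, the Investigators' role set, the "Custom Review Team" group and all user names are assumptions for illustration.

```python
# Added example: audits a role-group snapshot for Analysts who gain content access elsewhere.
# The snapshot shape is an assumption (e.g. built from an admin export); all data is constructed.
ANALYSTS = "Privacy Management Analysts"
CONTENT_ROLE = "Data Classification Content Viewer"

# Constructed sample: role group -> roles it grants.
GROUP_ROLES = {
    ANALYSTS: {"Data Classification List Viewer", "Case Management", "View-Only Case"},
    # Assumed role set for Investigators; the page only implies they can view content.
    "Privacy Management Investigators": {"Data Classification List Viewer", CONTENT_ROLE},
    "Custom Review Team": {CONTENT_ROLE},  # hypothetical custom role group
}

# Constructed sample: role group -> members (note the mixed-case duplicate of ben).
GROUP_MEMBERS = {
    ANALYSTS: ["ana@contoso.example", "Ben@contoso.example", "cy@contoso.example"],
    "Privacy Management Investigators": ["dee@contoso.example", "ben@contoso.example"],
    "Custom Review Team": ["cy@contoso.example", "ben@contoso.example"],
}


def content_access_paths(group_roles, group_members):
    """Return {analyst: [role groups that give them CONTENT_ROLE]}.

    Accounts are compared case-insensitively so 'Ben@' and 'ben@' are one identity.
    If the Analysts group itself grants the role, every Analyst is reported.
    """
    analysts = {u.strip().lower() for u in group_members.get(ANALYSTS, [])}
    granting = sorted(g for g, roles in group_roles.items() if CONTENT_ROLE in roles)
    findings = {}
    for group in granting:
        for user in group_members.get(group, []):
            key = user.strip().lower()
            if key in analysts:
                findings.setdefault(key, []).append(group)
    return findings


if __name__ == "__main__":
    for user, groups in sorted(content_access_paths(GROUP_ROLES, GROUP_MEMBERS).items()):
        print(f"{user}: content access via {', '.join(groups)}")
```
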