Microsoft Purview · Privacy Management (Priva)

Privacy Management Investigators

Full investigative access to privacy policy matches including file content review. Can investigate privacy incidents, view associated file content, and take comprehensive remediation actions. Reserved for senior privacy investigators.

Scope: Full investigative access to Privacy Risk Management with file content viewing capabilities. Can conduct comprehensive privacy incident investigations.

Permissions

  • Investigate Privacy Risk Management policy matches with full context
  • View file content for privacy policy matches (Data Classification Content Viewer)
  • View file metadata including name, location, owner, sensitivity label
  • View Data Classification List for metadata analysis
  • Access case management for privacy incidents (Case Management role)
  • View-Only Case access to review investigation results
  • Take comprehensive remediation actions on privacy violations
  • Review actual file content to determine privacy risk severity
  • Export file content for privacy compliance documentation
  • Apply tags and classifications to investigated content
  • Create detailed privacy incident reports with content evidence
  • Access Privacy Risk Management insights and analytics
  • Notify users and data owners about privacy violations
  • Coordinate with legal on privacy incident response
  • Recommend policy changes based on content-level investigations
  • Preserve evidence for privacy breach investigations

Common use cases

  • Investigating high-severity privacy policy violations requiring content review
  • Reviewing actual file content for GDPR Article 30 compliance
  • Conducting privacy breach investigations with content evidence
  • Analyzing data transfer violations with full document context
  • Investigating data minimization failures by reviewing content
  • Responding to data subject complaints about privacy violations
  • Documenting privacy incidents with content-level evidence
  • Conducting forensic privacy investigations for regulatory inquiries
  • Reviewing sensitive data overexposure with content access
  • Coordinating with legal counsel on privacy breach response
  • Preparing privacy incident reports for regulatory authorities
  • Investigating cross-border data transfer compliance
  • Validating privacy policy accuracy through content sampling
  • Conducting privacy impact assessments with content review

Best practices

  • Access file content ONLY when necessary for privacy investigation
  • Document clear business justification for each content review
  • Coordinate with legal counsel before viewing potentially privileged content
  • Use Privacy Management Analysts for initial triage before content access
  • Maintain proper chain of custody for privacy incident evidence
  • Minimize scope of content review to only necessary files
  • Use filters to narrow policy matches before viewing content
  • Export and preserve privacy evidence securely with encryption
  • Review audit logs periodically for appropriate content access
  • Establish investigation playbooks defining when content access is needed
  • Consider user privacy implications when viewing personal data
  • Coordinate with HR and legal on employment law compliance
  • Use Privileged Identity Management (PIM) for time-limited access where possible
  • Create detailed investigation reports for regulatory compliance
  • Separate investigator role from policy administration for independence

Security considerations

  • HIGHLY SENSITIVE - can view actual file content including personal data
  • Files may contain GDPR Article 9 special categories (health, biometric, political, etc.)
  • Must comply with privacy laws when viewing data subject content
  • All content viewing is logged and auditable via unified audit log
  • Should be limited to senior investigators, legal team, and privacy officers only
  • Consider using Privileged Identity Management (PIM) for time-limited access
  • Attorney-client privileged content may be visible - legal coordination required
  • Files may contain confidential business information or trade secrets
  • Requires documented justification for each file content access
  • Monitor audit logs for unauthorized or excessive content viewing
  • This role is more sensitive than Analyst - reserve for trusted senior staff
  • Privacy incident content may be subject to legal holds - preserve appropriately
  • Cross-border investigations may have data sovereignty implications
  • Coordinate with data protection officer before viewing special category data

Official Microsoft Learn documentation →

Open the interactive RBACMap →