Welcome to Creating Subject Rights Requests in Priva. Over the next few minutes, we’ll review some of the prerequisite permissions that are necessary for creating subject rights requests in Priva. We’ll also review the types of requests that are supported. We’ll then walk through, at a high level, what happens when a request is created.

Before creating a request, a user must hold all roles that are included in the Subject Rights Request Administrators role group. Members of this role group have full rights to create and manage subject rights requests and can add approvers for requests.

However, other role groups provide access to perform other subject rights tasks within Priva.

For example, the Privacy Management role group contains all the Priva permission roles in a single group. This group provides full access to ALL features of Priva for which you hold a license. Microsoft recommends having at least one active member of this group at all times. 

Members of the Privacy Management Administrators role group have broad access to permissions and settings and can create, read, update, and delete Privacy Risk Management policies and subject rights requests. 

Privacy Management Analysts can investigate policy matches, view file metadata, and take remediation actions. However, they cannot access content items.

You also have the Privacy Management Investigators role group, the Privacy Management Viewer role group, Privacy Management Contributors, and Subject Rights Request Approvers, with each having their own capabilities.

The table on your screen highlights these.

There are two different ways that you can create a request. You can create a request from a template, or you can use the custom option. As you would expect, a template is an “out-of-the-box” option that offers default settings, while the custom option provides a guided process that allows you to custom-define all settings.

There are four types of requests supported by Priva Subject Rights Requests. They include Access, Export, Tagged List for Follow-Up, and Delete. Now, do want to mention that that last option, Delete, is actually in preview at the time of this lecture recording.

An Access request type returns a summary of the data subject’s personal information held by your organization in Microsoft 365, while an Export request returns a summary and an exported file of content items that contain the data subject’s personal information.

A Tagged list for follow-up produces a summary of files that were tagged during data review, and a Delete request deletes content items containing a data subject's personal information. 

The first time you access the Subject Rights Requests page and click the Get started button, a flyout pane appears. This pane includes your own user information and shows all the default settings for a request. This allows you to experiment with a subject rights request on your own info.

This allows you to move through each stage of the request creation process. You can work through the process and then, on the Data collected tab, you can review items in the preview area and experiment with redacting text, applying tags, entering notes, and such.

Now, all that said, you don’t HAVE to use your own information to create your first request. If you prefer, you can replace your info with the info of a data subject you are interested in.

After accepting the settings, you can create the request by clicking Create. At this point, your new request is listed on the Subject Rights Requests page. 

After you create a request, Priva will estimate the amount of data that it expects to find based on your search parameters. Revisiting the request's details page later on will allow you to view the results of the estimate and see whether or not the request has moved on to the next stage. 

More specifically, requests will typically progress automatically from Data estimate to Data retrieval except in specific circumstances.