Reviewing Data from Rights Requests
Start course

In this course, we will look at Priva Subject Rights Requests, where you will learn what they are, why they are used, and how to create them. We will also learn about managing data estimates and retrieving rights requests.

Learning Objectives

  • A basic understanding of how to create subject rights requests in Microsoft Priva and how to work with them

Intended Audience

  • Those who wish to learn how to create and use Subject Rights Requests in Microsoft Priva


  • Basic understanding of data privacy concepts

Welcome to Reviewing Data from Rights Requests. Over the next few minutes, we’ll take a look at what goes into the review of data retrieved as a result of a rights request. Now, once the data for a request has been collected, you can review the content items and decide which ones to include or exclude as part of the request. You can also redact information if needed.

During the Review data stage, collaborators review the content items shown on the Data collected tab. The Teams channel that’s been automatically set up can be used by the request stakeholders to review the content. 

During review, you might need, or want, to import additional content items into the request for your data review. For example, you might be aware of relevant files that are stored outside your Microsoft 365 environment, which should be included. 

This step is optional, but if you decide you do need additional files included, you can import them into the Data collected tab of an individual request to be reviewed and worked on.

As you review the items on the Data collected tab, you’ll need to decide whether or not each item should be included in the final report that you provide to the data subject, which, to remind you, is the person who originally asked you what personal information of theirs you have.

Selecting Include causes a pane to appear, where you can add notes and save the item's review status as Include. On the flip side, if the item DOES NOT belong as part of the request, you can select Exclude, instead. 

As you would expect, only those items marked as Include are included in the final reports that are generated for the data subject.

During this process, you can use tags to identify items that require additional attention. Priva offers several tags that you can use. This includes a few default tags and several custom tags. You can provide your own names and descriptions for the custom tags.

During review, you may want to create inline markup or redact data within a content item. The Annotate command in the content review area allows you to do this. 

For example, if you find yourself in a situation where you need to include a file for a particular person, but that file also contains personal information for a different person, you can use the Area redaction option to black out that other person’s information. 

You can also add or review notes on an item. This is done via the File Notes tab in the content review area. You can also use the Add file note option to create a new comment. If you want to add notes at the case level, use the main Notes tab. Keep in mind that these notes will be visible to all users working on the request. However, they will NOT be included in the final report that’s shared with the subject.

Once you’ve reviewed all items, and you’ve set their status to Include, Exclude, or Not a match, you can close out the review step. To do this, select the Complete review button in the request and review the summary of the data. When you’re happy, click Complete review.

When you complete the review, the request moves to the final stages of the process. It’s at this stage, where reports are generated, and the request is officially closed.

A summary of all decisions made throughout the life of the request will then be provided later in the Reports tab.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.