User notifications in Privacy Risk Management

When you set up a policy in Privacy Risk Management, you can choose to notify users when their actions meet the conditions you set in the policy. Sending notices to users of potential issues in the moment with remediation options can be powerful tools for building sound data handling practices across your organization.

There are two types of notifications:

  1. Emails, which are available for all three policy types, and

  2. Tips that appear in Teams, which are available only for the data transfer policy type.

When you create or edit a policy, you can decide whether to turn on these notifications, how frequently to send them, and you can customize their content.

Sending notifications to users can be an important component in helping your organization meet its privacy goals. The notifications are designed to:

  • Bring immediate awareness to users when their actions could expose personal data to privacy risks.
  • Provide remediation methods directly within the emails, so that users can take swift action to protect data at risk.
  • Direct users to your organization's privacy guidelines and best practices.

Note

User notifications aren't available to US Government Community (GCC) High or Department of Defense (DoD) customers.

What's in the emails

When users receive email notifications about policy matches, they can follow prompts in the emails to immediately take corrective action. For example, if a data overexposure policy finds a match for personal data that may be too widely accessible, the notification email includes a link to the content item so the user can review it, and buttons for the user to mark the item as private or keep its current level of access. The suggested actions will be relevant to each different type of policy.

Emails also have a link taking the user to your organization's preferred privacy training. A training link is required for email notifications. Providing access to your organization's privacy guidelines enables you to keep your users informed about your own best practices and policies. It can also give context for the suggested remediation actions in the email, and help your users prepare for good data management decisions in the future.

Tip

Before setting up your policy, decide on the training URL you wish to include. One link can be provided per policy, so we recommend choosing a training that references scenarios pertinent to the policy type.

Enable or disable emails

User notifications are enabled by default and are managed in Priva Settings. When emails are enabled, you can choose to send or not send notification emails during the process of creating or editing a policy. Disabling user notification emails in Settings will stop all emails even if notifications were already set up for a policy.

During the policy creation process, the Outcomes page is where you choose to send notification emails when matches are detected. You determine how frequently to send emails: daily, weekly, or monthly. Visit Define outcomes: user notifications and tips for the complete instructions.

Preview and customize email

You can preview the notification email's content before sending it to users. You can also customize various aspects of the emails, such as the subject line, body content, and training display name.

By default, the email is sent from a Microsoft address to the user on behalf of the organization and includes the Microsoft logo. You can change these default settings to remove the Microsoft logo and use one of your organization's email addresses as the sender. Personalizing the email in this way can help assure users that the emails aren't spam or phishing attempts, and may increase the chances that the emails will be acted upon.

Changing the email sender

When you customize the sender email address so that emails appear to come from your organization, all notification emails for all policies will be sent from the email address you designate. The Microsoft logo is also removed from emails when you customize the sender address.

Change the sender address for notification emails by going to Priva Settings and following these steps:

  1. Select Settings (next to Learn more) in the upper right corner within Priva.

  2. Select User notification emails on the left navigation.

  3. Select the checkbox next to Customize sender alias.

  4. Select Select sender group.

  5. From the Select sender group flyout pane, search for or select from the list the email address that you want to appear as the sender for the email. When done, select Add.

  6. The email sender name and address is listed on the User notification emails page. Select Save to save your changes.

Preview email and customize content

You can preview the email content and make changes during the policy creation or editing process. To preview and edit your notification email content, follow the steps below:

  1. Create or edit your policy by starting the steps outlined in the guided policy creation process.

  2. On the Outcomes page, select the box next to Send a notification email to users when a policy match occurs.

  3. Select Preview and edit notification email.

  4. On the Customize the notification email flyout pane, review and edit the text fields for the email's subject line, body header, body content, privacy training display name, and training URL.

  5. Preview the email in the lower half of the flyout pane. The preview reflects edits made in the text fields.

  6. When you're satisfied with the email content, select Save. To discard any changes to the default email, select the X in the upper right corner of the flyout pane to close it and revert back to the default content.

  7. Back on the Outcomes page, select Next. Continue through the wizard and when you arrive at the final Finish page, review your settings and select Submit.

Your notification settings will now be in effect for this policy. If your policy is testing, notifications won't be sent. If your policy is turned on, notifications will be sent. View more details about creating and managing policies.

Send notifications in Teams

For data transfer policies, you can elect for users to receive policy tips and recommendations in secure Teams channels when a policy match is detected. These tips educate users on responsible use of personal data. Tips will also include links to related training. To learn more about setting up these notifications, visit Define outcomes: user notifications and tips.

Microsoft Priva legal disclaimer