Privacy guide for Personal Insights
Personal insights in Microsoft Viva Insights help you find opportunities to build better habits and get back in control of your time. This article describes how Viva Insights uses personal data for personal insights, where it stores that data, and the ways in which it was designed to keep that data safe. It also describes how Viva Insights complies with GDPR regulations.
Key principles
-
As a Viva Insights user, only you can see your own data.
-
Your data is stored and computed in your Exchange Online mailbox.
-
You can opt in and opt out at any time.
-
Personal insights in Viva Insights shows you no personally identifiable info of co-workers beyond what you can already see in Outlook and Teams.
Data privacy key points
-
Personal insights in Viva Insights is not designed to enable evaluation, tracking, automated decision making, profiling, or monitoring. Viva Insights provides you with personal insights through the Viva Insights app in Microsoft Teams and on the web, the Insights Outlook add-in, Viva digest emails, Briefing emails, and inline suggestions in Outlook. Personal insights in Viva Insights has no mechanism or option that allows anyone but you to access the personalized information that is displayed through these surfaces, unless you purposefully and independently share it. Personal insights data provided by Viva Insights cannot be used for automated decision making or for profiling.
-
Personal insights in Viva Insights does not give employees access to new personally identifiable information on other coworkers. Viva Insights converts data into personal insights by doing calculations on information that you generate just by going about your workday. Most of the data that you see in personal insights from Viva Insights is simply an aggregation of information to which you already have access, but that you wouldn’t be able to quickly perform calculations on without some support.
-
Personal insights in Viva Insights data is processed and stored in the employee’s Exchange Online mailbox. Viva Insights processes data from these sources for personal insights: Exchange Online email and calendar data, chat and call signals from Skype for Business and from Teams. Viva Insights stores and processes this data inside each employee’s Exchange Online mailbox.
-
Personal insights in Viva Insights supports General Data Protection Regulation (GDPR) compliance. Microsoft has designed Personal insights in Viva Insights to support your organization’s needs to follow GDPR requirements.
Important: This article discusses the Briefing email. We've paused sending Briefing emails to make some improvements. You can still access the Viva Insights Outlook add-in or Viva Insights app in Teams and on the web for key functionality until this service resumes. For more information about this change, refer to Briefing pause.
Important: This article also discusses the Digest email. Beginning at the end of March 2024, we'll be pausing the Digest emails, which are typically sent twice a month. All the content from Digest emails will still be available within the Viva Insights app in Teams or on the web. You can continue to explore and analyze your data insights seamlessly. To learn more about this change, refer to the Digest email pause.
Where to see personal insights
Personal insights in Viva Insights:
Privacy in the Viva Insights app in Teams and on the web
When data is processed in the Microsoft Viva Insights app, Microsoft protects employee privacy and fully complies with local regulations, such as the General Data Protection Regulation (GDPR). Viva Insights protects privacy in the following ways:
-
Personal and private – Content in your insights is personal, private, only available to you. No one else in your organization can access it.
-
Everyone's data is kept private – Viva Insights doesn't include any new personally identifiable information about anybody else in your organization. The insights and actions are based on information generated by you and your organization just by going about your regular workday. Your insights are based on information that you already have access to but can’t quickly aggregate without help.
-
Mailbox security – Viva Insights uses Exchange Online email and calendar data and processes and stores any insights or actions inside your Exchange Online mailbox, so data security is built in and enforced by Exchange.
-
GDPR compliant – Microsoft complies with the GDPR when providing insights and actions in the app.
How it works
The personal insights and actions in the Microsoft Viva Insights app are based on your Exchange Online mailbox data, such as email and calendar data. The insights are derived from data that is already available to you in your Exchange Online mailbox. For example, if you want to determine what commitments you made to others, you could manually review each email in your mailbox. The Viva Insights app simply saves you from this tedious process.
Data types
Viva Insights provides personal insights with the following types of data.
-
Mailbox data - Email, calendar, chat, and call activity that you generate by using Microsoft 365, such as time that you spend in meetings or emails that you send to a specific person or group.
-
Incremental data - Data that would otherwise be unavailable to you but is presented in an aggregated form designed to protect individual privacy.
Mailbox data
Mailbox data represents information that you already have access to simply by going about your job, such as sending emails, arranging meetings, or chatting with coworkers. Viva Insights processes and shows the information in ways that make it actionable.
For example, Viva Insights provides views that allow you to quickly understand how much time you spend in meetings and in email every day, who you collaborate with the most, who you are losing touch with, and to whom you have made commitments and requests.
You can take action on this information. You might decide that you spend too much time in meetings, for example, and adopt a personal goal of running more efficient meetings.
Personal insights are derived from data that is already available to you in the following places:
-
Your Exchange Online mailbox
-
Your activity in OneDrive and SharePoint documents
-
Your chat and call history from Teams and from Skype for Business
Viva Insights simply applies some basic calculations and rules to make this data more actionable. Mailbox data is stored directly in your Exchange Online mailbox.
For example, if you want to determine which colleagues sent you the most email over the past week, you could technically do so without Viva Insights by manually counting emails from coworkers in your inbox. Similarly, you could determine your coworkers’ average response time to the emails that you sent them by using the timestamp information readily available in your mailbox. Viva Insights saves you the trouble of having to perform these tedious calculations.
Incremental data
In a few cases, Personal insights in Viva Insights provides you with de-identified information on other people that would not have otherwise been available to them, such as for Email read rates.
Email read rates
Viva Insights tracks the percentage of recipients who opened an email message (in the Outlook add-in) for email that you’ve sent to five or more people.
To preserve privacy, Viva Insights does not track read rates for messages sent to fewer than five people. Viva Insights also doesn't show read rates of "0 percent" or "100 percent," as that would allow people to make definitive conclusions about individual coworker actions. Instead, the read rate in these cases is displayed as a range that encompasses a threshold value that depends on the number of recipients of the email.
This metric is calculated based on the "read" flag in Exchange Online. For some people, messages are flagged as "read" when you open a message in the Outlook preview pane. For others, you might need to double-click to open the message to mark it as "read."
You can control this setting in your Outlook settings. To show these signals in the sender’s mailbox, the “read” flag is copied within the Microsoft 365 environment, and then delivered to the sender’s mailbox.
GDPR Compliance
As is the case with the full Microsoft 365 suite, Viva Insights helps support compliance with GDPR requirements. For example, Viva Insights supports the following:
-
Secure and protect users’ personal data – Insights requires an Exchange Online license, and all data is stored in the employees’ Exchange Online mailbox. The computed metrics, such as tasks, are appended to the mailbox. Thus, the Viva Insights app meets this obligation by virtue of Exchange Online also meeting the obligation:
-
Microsoft will not mine customer data in Exchange Online for advertising.
-
Microsoft will not voluntarily disclose Exchange Online customer data to law enforcement agencies.
-
Microsoft will meet all requirements related to encryption of Exchange Online data and implement controls to reduce security risks and help ensure business continuity, as described in ISO 27001 and 27018.
-
-
Notify users in the event that a breach is detected – Microsoft will notify customer privacy contacts within 72 hours of Microsoft becoming aware of a breach by Microsoft 365 incident response standard operating procedures.
-
Honor user requests (DSRs) to export, delete, or restrict processing personal data – Microsoft supports user requests, such as requests for export of or deletion of data.
For more information, refer to GDPR compliance.