Data sensitivity and Compliance categorization with Data Classification Metadata

Properly classifying sensitive data in Salesforce is of utmost importance for any organization to implement effective data management policies and ensure compliance with global privacy regulations such as GDPR, CCPA, HIPAA, and others. By categorizing data based on its sensitivity level, companies can apply appropriate security measures, access controls, and data handling practices to reduce potential risks and safeguard sensitive information.

Here's how sensitive data can be classified to support data management policies in Salesforce:

Compliance Categorization

The compliance acts, definitions, or regulations that are related to the field’s data. Default values:

CCPA—California Consumer Privacy Act

COPPA—Children's Online Privacy Protection Act

GDPR—General Data Protection Regulation

HIPAA—Health Insurance Portability and Accountability Act

PCI—Payment Card Industry

PersonalInfo—Personal information. For use with the Enhanced Personal Information Management feature. Only available if Enhanced Personal Information Management and Digital Experiences are enabled.

PII—Personally Identifiable Information

Data Owner

The person or group associated with this field. The data owner understands the importance of the field’s data to your company and might be responsible for determining the minimum data sensitivity level.

Data Sensitivity Level

The sensitivity of the data contained in this field. Default values:

Public—Available to the public to view but not alter.

Internal—Available to company employees and contractors. This data must not be shared publicly, but it can be shared with customers, partners, and others under a non-disclosure agreement (NDA).

Confidential—Available to an approved group of employees and contractors. This data isn’t restricted by law, regulation, or a company master service agreement (MSA). It can be shared with customers, partners, and others under an NDA.

Restricted—Available only to an approved group of employees and contractors. This data is likely restricted by law, regulation, an NDA, or a company MSA.

MissionCritical—Available only to a small group of approved employees and contractors. Third parties who are given access could be subject to heightened contractual requirements. This data is almost always restricted by law, regulation, an NDA, or a company MSA.

Field Usage

Tracks whether the field is in use. Default values:

Active—In use and visible.

DeprecateCandidate—Planned for deprecation and no longer in use.

Hidden—Not visible and possibly planned for deprecation. Use with caution.

Changing the value of Field Usage doesn’t hide or expose the field.

You can use query commands to retrieve data classification metadata related to your Salesforce data.

SELECT Id, DeveloperName, Description, BusinessOwnerId, BusinessStatus, SecurityClassification,ComplianceGroup 
FROM FieldDefinition WHERE EntityDefinitionId in ('Contact')















Set Up Data Classification Metadata

You can customize your data classification settings to meet your organization’s needs and upload or download data classification values.

Data Classification Upload - You can upload your data classification information from a .csv file.

Each row must include the entity name, field name, and data sensitivity level.
Here are examples of valid rows from a .csv file.
Contact,Birthdate,Confidential
Account,AnnualRevenue,MissionCritical

The maximum number of rows in one .csv file is 10,000.

Data Classification Download - You can download your data classification information into a .csv file. The .csv file includes the object and field names, and the field-specific data sensitivity value. Only fields that have an associated data sensitivity value are included in the downloaded file.

The .csv file includes the first 2,000 records for each data sensitivity value.

Data Classification Settings - Recording the data owner, field usage, data sensitivity level, and compliance categorization of fields in any standard or custom object helps classify data to meet data management policies.













Data Classification Metadata Fields 





Salesforce Report on the Classifications


















References




Comments

Popular posts from this blog

Introduction to Salesforce Agent Script: Build Predictable AI Agents

Anti-Patterns in Salesforce Agentforce: What to Avoid When Building AI Agents

MCP vs. Traditional APIs: Choosing the Right Integration Approach