Data sensitivity and Compliance categorization with Data Classification Metadata
Properly classifying sensitive data in Salesforce is of utmost importance for any organization to implement effective data management policies and ensure compliance with global privacy regulations such as GDPR, CCPA, HIPAA, and others. By categorizing data based on its sensitivity level, companies can apply appropriate security measures, access controls, and data handling practices to reduce potential risks and safeguard sensitive information.
Here's how sensitive data can be classified to support data management policies in Salesforce:
Compliance Categorization
The compliance acts, definitions, or regulations that are related to the field’s data. Default values:
CCPA—California Consumer Privacy Act
COPPA—Children's Online Privacy Protection Act
GDPR—General Data Protection Regulation
HIPAA—Health Insurance Portability and Accountability Act
PCI—Payment Card Industry
PersonalInfo—Personal information. For use with the Enhanced Personal Information Management feature. Only available if Enhanced Personal Information Management and Digital Experiences are enabled.
PII—Personally Identifiable Information
Data Owner
The person or group associated with this field. The data owner understands the importance of the field’s data to your company and might be responsible for determining the minimum data sensitivity level.
Data Sensitivity Level
The sensitivity of the data contained in this field. Default values:
Public—Available to the public to view but not alter.
Internal—Available to company employees and contractors. This data must not be shared publicly, but it can be shared with customers, partners, and others under a non-disclosure agreement (NDA).
Confidential—Available to an approved group of employees and contractors. This data isn’t restricted by law, regulation, or a company master service agreement (MSA). It can be shared with customers, partners, and others under an NDA.
Restricted—Available only to an approved group of employees and contractors. This data is likely restricted by law, regulation, an NDA, or a company MSA.
MissionCritical—Available only to a small group of approved employees and contractors. Third parties who are given access could be subject to heightened contractual requirements. This data is almost always restricted by law, regulation, an NDA, or a company MSA.
Field Usage
Tracks whether the field is in use. Default values:
Active—In use and visible.
DeprecateCandidate—Planned for deprecation and no longer in use.
Hidden—Not visible and possibly planned for deprecation. Use with caution.
Changing the value of Field Usage doesn’t hide or expose the field.
You can use query commands to retrieve data classification metadata related to your Salesforce data.
SELECT Id, DeveloperName, Description, BusinessOwnerId, BusinessStatus, SecurityClassification,ComplianceGroupFROM FieldDefinition WHERE EntityDefinitionId in ('Contact')






Comments
Post a Comment