Data is a very valuable asset to any organization. It is important to manage data throughout its entire life cycle – from creating data in the system to properly destroying it.
Salesforce already has Profiles, Sharing Settings (Roles, Sharing Rules, etc.), Encryption, Salesforce Shield, etc. to secure data and give access to authorized persons only. However, all data cannot be treated in the same way. Some data may be more sensitive and restricted as compared to others. E.g. SSN/Birth date of a User is more sensitive and confidential than Last Name. Most countries have also implemented policies to protect confidentiality of PII(Personally Identifiable Information) data. E.g. GDPR in Europe, Data Protection Law in the USA. Salesforce helps its customers to comply with these laws by introducing Data Classification.
Data classification in SFDC helps you categorize and record data based on sensitivity at the field level and determine how much effort needs to be allocated to protect data and control access on it. Data sensitivity categories can be used to guide decisions around access, reporting, and data compliance. Data classification is automatically enabled in all Salesforce orgs and is available in any field in Standard and Custom objects.
Data Classification Metadata
|Data Owner||Indicates the person or public group responsible for the data contained in this field.|
|Field Usage||Indicates whether the field is in use. Standard SFDC values:|
1. Active – In use and visible
2. DeprecateCandidate – Planned to be deprecated and no longer in use
3. Hidden – Not visible and may be considered for deprecation
|Sensitivity Level||Defines the sensitivity of data contained in this field. Standard SFDC Values|
1. Public – Available to the public to view but not alter.
2. Internal – Available to company employees and contractors. This data must not be shared publicly, but it can be shared with customers, partners, and others under a non-disclosure agreement (NDA)
3. Confidential – Available to an approved group of employees and contractors. This data isn’t restricted by law, regulation, or a company master service agreement (MSA). It can be shared with customers, partners, and others under an NDA.
4. Restricted – Available only to an approved group of employees and contractors. This data is likely restricted by law, regulation, an NDA, or a company MSA.
5. MissionCritical – Available only to a small group of approved employees and contractors. Third parties who are given access could be subject to heightened contractual requirements. This data is almost always restricted by law, regulation, an NDA, or a company MSA
|Compliance Categorization||The compliance acts, definitions, or regulations that are related to the field’s data|