Considerations for Using Shield Platform Encryption with Person Account Fields

Which Account and Contact fields are classified as Person Account fields?

When Person Accounts are enabled, standard Account and Contact fields are mapped to equivalent Person Account fields, often appearing with a Person prefix or __pc suffix in the API. These fields include:

• Name (mapped to FirstName and LastName)

• Description

• Mailing Address (mapped to PersonMailingAddress)

• Phone

• Fax (mapped to PersonFax)

• Mobile (mapped to PersonMobilePhone)

• Home Phone (mapped to PersonHomePhone)

• Other Phone (mapped to PersonOtherPhone)

• Email (mapped to PersonEmail)

What are the effects of enabling Shield Platform Encryption on Person Account fields?

Salesforce maintains synchronized encryption across the Account and Contact schemas. This means that enabling or disabling encryption on a specific field at the Account level will automatically enable or disable it on the corresponding Contact field, and vice-versa.

How should I enable encryption on Person Account fields?

When selecting fields to encrypt with Field-Level Encryption, you’ll notice that Person Account fields can appear twice, under both the Contact and Account objects. If you want to apply Field-Level Encryption to Person Account fields, we recommend selecting the fields under Contact and leaving them unselected under Account. In rare cases, if you select the Person Account fields under Account, some inconsistencies can occur in the metadata. 

If you’re using the API to apply Field-Level Encryption, the same principle applies: Use Contact as the object prefix when identifying the Person Account fields that you want to encrypt. Don’t use Account.

Note: If you’re using Database Encryption only, all fields are encrypted at the transactional database layer, and these considerations don’t apply.

What should I do after enabling encryption on Person Account fields?

Once you receive the confirmation email stating that encryption is active, execute a sync from the Encryption Statistics page. This step ensures that all existing data is encrypted with the current active key.

Note: Encryption sync isn’t applicable for Database Encryption.

How do Person Account fields appear on the Encryption Statistics page?

Because Person Account fields are tied to the Contact entity within the transactional database, the Encryption Statistics page lists these fields under Contact rather than Account. Note that any non-Person Account fields (standard Business Account fields) appear under Account as usual.

How should I handle the "IllegalStateException" notification?

If you encounter an IllegalStateException banner while enabling encryption on Person Account fields, refresh the page and try the action again. Refreshing the page usually resolves the error.