Customer Data Information Spillage

Information spillage is the unintended exposure of sensitive data either from: (1) a classified information system to an unclassified information system; or (2) a higher classification or protection level to a lower classification or protection level environment.

To safeguard government data, the Federal Risk and Authorization Management Program (FedRAMP) and the Department of Defense (DoD) enforce security standards for cloud services that US federal agencies use. Immediate response actions include containment, eradication, and notification of authorities, along with efforts to prevent future spillages.

In Salesforce, spillage occurs when a user enters sensitive data into a field or uploads a file to Salesforce that exceeds the current system authorization level. If a spillage occurs, the customer is responsible for the remediation actions. Avoid including, collecting, processing, or storing data that exceeds the current authorization level of the cloud environment where your Salesforce instance is hosted.

Shield Platform Encryption mitigates spillage by ensuring that data associated with potential information spills is unrecoverable from Salesforce-managed backups.