How Anonymization Works

Retaining Distribution and Data Integrity

To maximize the data quality, a given value that is anonymized is anonymized to the same value when encountered again on the same field type in the same anonymize job, thus preserving the original distribution of values and integrity. These four required factors must be the same for this to function:

• The replacement value selected in the template
• The field name (API name)
• The original value
• Field Type

For example, if the Country field value was originally ‘Cuba’, and was anonymized to ‘Peru’, every record in the same job, where the Country field is 'Cuba' is anonymized to ‘Peru’.

Field Type Identification

As Salesforce’s schema does not provide identification for all fields containing sensitive information, the application uses the following process to determine which fields to anonymize (and the appropriate matching anonymization functions):

• Address fields: Street, City, State, Country, and Postal Code fields are determined by their Label.
• Names: Account Name field uses a company name anonymization. Contact Name field is anonymized via a person names anonymization function. Other Name fields are anonymized as regular strings. FirstName and LastName field names are anonymized accordingly.
• Personal identifiable information: Email, Phone and URL fields are identified by their corresponding field types.
• National ID numbers: Social Security Number, Social Insurance Number, National Insurance Number are identified via the “MaskType” property. The ‘all’ MaskType field types are anonymized via the SIN anonymization function.
• Financial Credit card fields: Identified via the ‘creditCard’ MaskType.
• Other: All encrypted string field types are also anonymized as string fields, according to their original length.

Field History Tracking

The Anonymize application is able to anonymize the records in the selected Salesforce sandbox. However, application processing does not manipulate the Field History Tracking in Salesforce, as History tables are Read-Only. When using the application to anonymize data in a sandbox, we recommend to disable Field History Tracking and re-enable if required.

In your sandbox, you can turn off field-history tracking from the object’s management settings. See the Salesforce help article Disable Field History Tracking.

Compliance Categorization and Data Sensitivity Level

The Anonymize application sets fields with Data Sensitivity Level and Compliance Categorization in Salesforce. The application sets a data sensitivity level from the field, and identifies if the field needs to be anonymized.

A field is marked as sensitive information by the following field properties:

• Compliance Categorization: The compliance acts, definitions, or regulations that are related to the field’s data. When the field contains a value that is not public, the application suggests an anonymization value.
• Data Sensitivity Level: The sensitivity of the data contained in this field. When the field contains a default value of Internal, Confidential, Restricted or MissionCritical, the application suggests an anonymization value.

Once the Compliance Categorization and Data Sensitivity Level are recognized, the application suggests to anonymize the fields. If the field is marked as private or sensitive information, the replacement value is automatically recommended. However, if we are unable to recognize the categorization, then the anonymization is randomized.

For checkboxes, the cache mechanism is used. For the first record a randomly selected replacement checkbox state is used (either checked or unchecked). All following records having the same original state accordingly receive that same new state.