Archive SDK—Right to Be Forgotten (RTBF)
Data privacy regulations grant individuals the Right to Be Forgotten (RTBF), requiring organizations to erase personal data securely upon request. Archive SDK enables compliance by identifying and deleting specific data from the Archive managed package, ensuring thorough removal while preserving the integrity of other archived data.
Define RTBF Filter Criteria
To process an RTBF request, specify the appropriate filter criteria.
| Criteria | Example |
|---|---|
| Field Name | Employee ID |
| Object | Contact |
| Value | ID 123456789011121314 |
Important Considerations
- Available from Archive Package 19 and later. For more information, see Access to Own Products.
- Submissions are limited to 10,000 requests per day with a 10,000 root record search limit.
- The RTBF deletion process extends to directly and indirectly related (child/descendant) records within a hierarchy.
- Overlapping search results can mark some records as "already deleted" in the audit file.
- If the search result reaches its limit, the SDK activity status shows a 200 status code with this error: Request processed. Maximum search results reached. Refine your search or submit a new request.
- Most standard RTBF requests complete within 30 minutes.
- Best Practice: Target the root object for optimal results.
- Object and Field Name filters aren't case-sensitive.
- Archive doesn't support partial deletion.
RTBF Behavior for Child Records in an Archived Hierarchy
When executing an RTBF request on a child record, the request removes the entire archived hierarchy associated with it.
For example, if you search for a specific Case (child record) and submit an Archive RTBF request, the request removes the Case, its associated Tasks (child records of the Case), and the related Account (parent of the Case and grandparent to the Tasks). Because these records were archived together, RTBF deletes the entire archived hierarchy.
However, if the Account was archived separately, running RTBF on the Case removes only the Case and its Tasks, but not the Account (grandparent record).
How RTBF Works
The RTBF process follows sequential API calls:
- Data Deletion: The SDK sends a deletion request to Archive, removing all matching records.
- Data Identification: The SDK queries Archive to locate all records matching the specified filter criteria.
When the process is complete, an RTBF activity icon appears under the Activities tab in the Archive Console.
Key Differences: RTBF vs. Purge
- RTBF can target child records.
- Purge queries only objects archived as root objects.
A former employee, Maria Johnson, submits an RTBF request to delete all personal data from your system. Your company archives employee records along with their email correspondence, customer interactions, and project assignments. To comply with the RTBF request, use this filter criteria.
| Object | Field Name | Value |
|---|---|---|
| Contact | Email | Maria@own.com |
| Case | Employee ID | 987654321 |
| Task | Assigned To | Maria Johnson |
| Email | Sender | Maria@own.com |
| Document | Owner | Maria Johnson |
This request ensures the complete removal of Maria's data, including her contact information, cases she was involved in, tasks assigned to her, and all email and document records linked to her. This process helps maintain compliance with data privacy regulations while ensuring a thorough and accurate deletion of sensitive information.
API Methods and Response Handling
Ensure the Filter Criteria are specific so as not to remove records unintentionally.
We recommend validating your criteria by running the query on the Data Query SDK before submitting the RTBF request.
| Input | Output | Definition |
|---|---|---|
| ArchiverAccessorResponse | | The response from the Forget API call. Returns a requestId to track the status of the request by using the getRTBFStatus method. |
| Criteria(string sobjectName, string fieldName, string value) | | |
| forgetArchivedRecords(list<Criteria> inputFilters) | ArchiverAccessorResponse | |
| getRTBFStatus(string requestId) | A CSV report containing all the details of the deleted information. | Public method that gives you the ability to follow up an RTBF request you made. |
- Archive SDK—Test and Run a Right to Be Forgotten (RTBF) Request: Manually test the Archive SDK and run a Right to Be Forgotten (RTBF) request in the Archive managed package.
- Archive SDK—Right to Be Forgotten (RTBF) Use Case Scenarios: Hypothetical use case scenarios for RTBF in the Archive managed package.
- Archive SDK—Anonymize PII in the Archive App: Anonymize personally identifiable information (PII) in archived records without deleting the record itself.
Archive SDK—Test and Run a Right to Be Forgotten (RTBF) Request
Manually test the Archive SDK and run a Right to Be Forgotten (RTBF) request in the Archive managed package.
- Click the Settings icon.
- Select Developer Console.
  The Developer Console appears.
- Press Command + E.
  The window to enter the Apex code opens.
- In the console, run this code to create a criteria list, send an RTBF request, and get the requestId from Archive.

  ```apex
  // Build the criteria list: object, field, and the exact value to match.
  OB_Archiver.Criteria criteria1 = new OB_Archiver.Criteria('Account', 'Name', 'example name');
  list<OB_Archiver.Criteria> lst = new list<OB_Archiver.Criteria>();
  lst.add(criteria1);

  // Submit the RTBF request.
  OB_Archiver.ArchiverAccessorResponse response = OB_Archiver.ArchiverAccessor.forgetArchivedRecords(lst);

  // Read the request ID from the JSON response body and log it.
  Map<String, String> values = (Map<String, String>)JSON.deserialize(response.getBody(), Map<String, String>.class);
  String requestId = values.get('request_id');
  system.debug(requestId);
  ```
- Click Execute.
  The request begins. When completed, the requestId is stored in the Execution Log.
View the Status of the RTBF Request
After you send an RTBF request, you can view the status of the request.
- At the top right of the page, click the Settings icon.
- Select Developer Console.
  The Developer Console appears.
- Press Command + E.
  The window to enter the Apex code opens.
- Using the requestId for your RTBF request, run this code.

  ```apex
  // Paste the request ID logged when you submitted the RTBF request.
  String requestId = 'YOUR_REQUEST_ID_HERE';

  OB_Archiver.ArchiverAccessorResponse reportResponse = OB_Archiver.ArchiverAccessor.getRTBFStatus(requestId);
  system.debug(reportResponse.getBody());
  ```
- Click Execute.
  The status request begins. When completed, one of these statuses appears in the Execution Log.
- "Request failed, please contact support.": The request was unsuccessful and failed.
- "Request handled, no matching results were found.": There were no records matching the specified criteria.
- "Request is open. Scan is still in progress.": The request is still in progress.
When the request finishes successfully, you receive a CSV report containing all the details of the deleted information.
The CSV report contains this information.
- Criteria Record Field
- Criteria Record Type: The criteria of the request.
- Related Salesforce ID That Provoked Deletion: The row was referred to by another record in the table that also matches the criteria.
- Salesforce ID
- Status: Indicates if the record was deleted or not.
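The status messages and the CSV report described above can be handled in one follow-up script. This is an added example, not code from the Archive package: classifyRtbfStatus and tallyStatus are hypothetical helpers, and the CSV layout (a header row containing "Status", no quoted commas) is an assumption.

```apex
// Added example; classifyRtbfStatus and tallyStatus are hypothetical helpers,
// not OB_Archiver methods. Message fragments are taken from this page.
String classifyRtbfStatus(String body) {
    if (String.isBlank(body)) return 'UNKNOWN';
    if (body.contains('Request failed')) return 'FAILED';
    if (body.contains('no matching results')) return 'NO_MATCH';
    if (body.contains('Scan is still in progress')) return 'IN_PROGRESS';
    if (body.contains('Maximum search results reached')) return 'TRUNCATED';
    return 'REPORT'; // assumed: anything else is the CSV audit report
}

// Count rows per Status value. Assumes a header row containing "Status"
// and no quoted commas inside cells.
Map<String, Integer> tallyStatus(String csv) {
    Map<String, Integer> counts = new Map<String, Integer>();
    List<String> lines = csv.split('\n');
    List<String> header = lines[0].split(',');
    Integer col = -1;
    for (Integer i = 0; i < header.size(); i++) {
        if (header[i].trim() == 'Status') col = i;
    }
    if (col < 0) return counts;
    for (Integer i = 1; i < lines.size(); i++) {
        List<String> cells = lines[i].split(',');
        if (cells.size() <= col) continue;
        String s = cells[col].trim();
        counts.put(s, (counts.containsKey(s) ? counts.get(s) : 0) + 1);
    }
    return counts;
}

String requestId = 'YOUR_REQUEST_ID_HERE';
String body = OB_Archiver.ArchiverAccessor.getRTBFStatus(requestId).getBody();
String outcome = classifyRtbfStatus(body);
if (outcome == 'TRUNCATED') {
    System.debug('10,000 root record limit hit: resubmit the same criteria.');
} else if (outcome == 'IN_PROGRESS') {
    System.debug('Still scanning: check again later.');
} else if (outcome == 'REPORT') {
    System.debug('Audit tally by Status: ' + tallyStatus(body));
} else {
    System.debug('RTBF outcome: ' + outcome + ' -> ' + body);
}
```

Keep the tally with the request record so that rows marked "already deleted" from overlapping criteria can be reconciled later.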
RTBF Common Errors
Invalid Criteria
- The field must match an sObject.
- No more than one criteria with the same sObject is permitted.
- You can send up to 10 criteria per request.
No Results
- Value can't be partial.
- Criteria must be of record type that has been archived.
For example, if you have an Account with ID X in Salesforce, and you archived the cases belonging to that ID, you must exclude cases belonging to that Account. To exclude these cases, create this filter criteria.

Object type: Case, field: AccountId, value: X

Object type: Account, field: Id, value: X

This criteria doesn't delete anything because Archive doesn't have the relevant Account.
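The Invalid Criteria rules above, together with the earlier advice to validate criteria before submitting, can be checked in Apex before any deletion request is sent. This is an added example, not part of the Archive package: RtbfFilter and validateFilters are hypothetical helpers, and the schema lookup assumes the filters use object and field API names that still exist in the org.

```apex
// Added example; RtbfFilter and validateFilters are hypothetical helpers,
// not part of the OB_Archiver package.
public class RtbfFilter {
    public String sobjectName;
    public String fieldName;
    public String value;
    public RtbfFilter(String o, String f, String v) {
        sobjectName = o; fieldName = f; value = v;
    }
}

List<String> validateFilters(List<RtbfFilter> filters) {
    List<String> errors = new List<String>();
    if (filters.isEmpty()) errors.add('No criteria supplied.');
    if (filters.size() > 10) errors.add('More than 10 criteria in one request.');
    Map<String, Schema.SObjectType> describe = Schema.getGlobalDescribe();
    Set<String> seen = new Set<String>();
    for (RtbfFilter f : filters) {
        if (String.isBlank(f.sobjectName) || String.isBlank(f.fieldName) || String.isBlank(f.value)) {
            errors.add('Object, field, and value are all required.');
            continue;
        }
        // Object filters aren't case-sensitive, so compare in lower case.
        String key = f.sobjectName.toLowerCase();
        if (!seen.add(key)) errors.add('More than one criteria for ' + f.sobjectName);
        Schema.SObjectType t = describe.get(key);
        if (t == null) {
            errors.add('Unknown sObject: ' + f.sobjectName);
        } else if (!t.getDescribe().fields.getMap().containsKey(f.fieldName.toLowerCase())) {
            errors.add(f.fieldName + ' is not a field on ' + f.sobjectName);
        }
    }
    return errors;
}

// Constructed input: two filters on Case that differ only in letter case.
List<RtbfFilter> filters = new List<RtbfFilter>{
    new RtbfFilter('Case', 'AccountId', 'X'),
    new RtbfFilter('case', 'Subject', 'example subject')
};
List<String> errors = validateFilters(filters);
if (errors.isEmpty()) {
    List<OB_Archiver.Criteria> criteria = new List<OB_Archiver.Criteria>();
    for (RtbfFilter f : filters) {
        criteria.add(new OB_Archiver.Criteria(f.sobjectName, f.fieldName, f.value));
    }
    System.debug(criteria.size() + ' criteria validated; pass them to forgetArchivedRecords.');
} else {
    System.debug('RTBF criteria rejected: ' + String.join(errors, '; '));
}
```

The script never calls forgetArchivedRecords itself, so it can be run repeatedly while refining criteria without deleting anything.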
Archive SDK—Right to Be Forgotten (RTBF) Use Case Scenarios
Hypothetical use case scenarios for RTBF in the Archive managed package.
To view the steps for initiating an RTBF request, see the article Archive SDK—Right to Be Forgotten.
Scenario 1: RTBF with Multiple Objects
Jane Doe is a customer of XYZ Bank, where she’s held an account for the past two years. Recently, she decided that she wants to exercise her RTBF under the General Data Protection Regulation (GDPR). Jane believes that the bank holds unnecessary personal data about her and wants it to be erased from their records.
Jane submits her RTBF request to XYZ Bank and specifies the personal data she wants erased, which includes account information, transaction history, and any other personal data held by the bank. The bank identifies and locates Jane's personal data.
| Criteria | Filter | Filter | Filter | Filter |
|---|---|---|---|---|
| Object | Account | Transaction_c | Case | Email |
| Field Name | Name | Transaction user | Customer Name | From |
| Value | Jane Doe | Jane Doe | Jane Doe | Jane Doe |
The RTBF request can contain up to 10 separate objects.
Results
- 1 Account found
- 2,000 transactions found
- 15 root cases found
- 30 emails found
Scenario 2: RTBF Single Object
A pharmaceutical company released an experimental drug, Eddy's Elixirs, to treat arthritis. However, it resulted in severe adverse reactions among patients. After recalling the drug, the pharma company submitted an RTBF request to remove all public records and digital content related to Eddy's Elixirs.
| Criteria | Filter |
|---|---|
| Object | Case |
| Field Name | Drug Name |
| Value | Eddy's Elixirs |
Results
Archive found 1,000 Cases as roots and a further 1,000 patient records archived under the root as child records and removed all. 1 Activity is created, and viewable in the Archive Console Activities tab, showing the RTBF icon.
Scenario 3: RTBF Over 10,000 Root Records Found
Emily Jones, a regular user of a popular social media platform called ConnectWorld, decides to deactivate her account and requests to exercise her RTBF under data protection regulations.
| Criteria | Filter | Filter | Filter |
|---|---|---|---|
| Object | User Account | Contact | Case |
| Field Name | Name | Phone | Related Id |
| Value | Account id For Emily Jones | Emily's phone number | Account Id For Emily Jones |
Results
Archive found 20,000 root Case records and a further 300,000 Contacts. 10,000 Cases as roots, and a further 150,000 Contacts archived underneath the root as child records, are removed.
1 Activity is created in the Archive Console Activities tab, showing the RTBF icon.
- getRTBFStatus returns a status code 200 with the error message "Request processed. Maximum search results reached. Refine your search or submit a new request to see more records."
- Archive can process up to 10,000 root records per RTBF SDK request.
- Solution: Run the query again to capture the remaining records.
Archive SDK—Anonymize PII in the Archive App
Anonymize personally identifiable information (PII) in archived records without deleting the record itself. Anonymization replaces sensitive values with irreversible placeholders to help you comply with privacy regulations while retaining the record structure of the Archive app.
Anonymization, also known as masking, helps you comply with privacy requests, such as the Right to Be Forgotten (RTBF). This process performs an in-place update on archived records. Unlike a purge action, which permanently deletes data, anonymization replaces specific sensitive values with generic text, such as redacted@example.com.
How Anonymization Works
The system detects PII fields, such as Name, Email, Phone, and Address, by using object metadata. When you submit a request, the system masks original PII values with irreversible placeholders. Non-PII data, such as record IDs and timestamps, remains unchanged and searchable.
Anonymization is comprehensive. When you anonymize a root record, the anonymization process automatically cascades to all related child records within the same archived hierarchy. For example, anonymizing a Contact record also anonymizes PII in that record’s related Tasks and Events.
Important Considerations
- The anonymization process is permanent. You can't recover or view original PII values after anonymization.
- You can anonymize a record only one time. If you submit a duplicate request for an anonymized record, the system ignores it.
- Anonymization shares the standard Archive RTBF rate limit of 10,000 requests per organization per day.
- You can't manually select fields to anonymize. The system identifies PII fields automatically based on the Recover algorithm.
- You can't anonymize records that are legally held. The system automatically excludes records currently under legal hold or retention lock.
Submit an Anonymization Request
Define your target criteria and submit an anonymization job by using the OB_Archiver.ArchiverAccessor Apex class.
Make sure that you meet these requirements.
- Archive Managed Package release 24.27.00 or later.
- The user running the Apex code has permission to access the OB_Archiver namespace.
- Access to the Developer Console or an IDE to run Anonymous Apex.

Then follow these steps.
- Open the Developer Console or your preferred Apex execution tool.
- Open an Execute Anonymous window.
- To define the criteria and submit the request, run this code. This code block anonymizes the email address field on a Contact record.

  ```apex
  // 1. Define the criteria for the records to anonymize.
  // Syntax: new Criteria('ObjectAPIName', 'FieldAPIName', 'ValueToMatch');
  List<OB_Archiver.Criteria> criteriaList = new List<OB_Archiver.Criteria>();

  // Example: Anonymize a specific Contact by Email
  criteriaList.add(new OB_Archiver.Criteria(
      'Contact',
      'Email',
      'mickey.mouse@example.com'
  ));

  // 2. Submit the anonymization request.
  OB_Archiver.ArchiverAccessorResponse response = OB_Archiver.ArchiverAccessor.maskArchivedRecords(criteriaList);

  // 3. Process the response to get the request ID.
  Map<String, String> values = (Map<String, String>)JSON.deserialize(response.getBody(), Map<String, String>.class);
  String requestId = values.get('request_id');

  // Output the request ID for tracking.
  System.debug('Anonymization Job Submitted. Request ID: ' + requestId);
  ```
Verify Anonymization Status
Check the status of your anonymization job and generate an audit report by using the request ID generated during submission.
Anonymization is an asynchronous process. After you submit a request, use the returned request ID to track its progress and verify the results.
- To check the anonymization job status, run this code in the Execute Anonymous window.

  ```apex
  // Paste the Request ID found in the Debug Log from the anonymization request.
  // Example: String requestId = '0Qn5e000000abcD';
  String requestId = 'YOUR_REQUEST_ID_HERE';

  // Check the status.
  String statusResponse = OB_Archiver.ArchiverAccessor.getMaskingStatus(requestId);
  System.debug('Anonymization Job Status: ' + statusResponse);
  ```
- To generate an audit report after the anonymization job is complete, run this code in the Execute Anonymous window.

  ```apex
  String requestId = 'YOUR_REQUEST_ID_HERE';
  String report = OB_Archiver.ArchiverAccessor.getMaskingReport(requestId);
  System.debug('Anonymization Audit Report: ' + report);
  ```
Anonymization Results
Review how PII fields appear after the anonymization process is complete. When the job status is HANDLED, the system updates the archived data immediately.
- Searches that use the original PII like an email address return no results.
- Searches that use non-sensitive identifiers like a record ID return the anonymized record.
- When you view the record via Search, Export, or Unarchive, PII fields show placeholder values.
| Field | Original Value | Anonymized Value |
|---|---|---|
| Name | Mickey Mouse | redacted_first_name |
| Email | mickey.mouse@example.com | redacted@example.com |
| Phone | +1-415-555-1234 | 000-000-0000 |
| ContactId | 003XX0000123AbC | 003XX0000123AbC |

