Understand How Different Masking Types Work

Make Your Data Random

Use a random masking type for sensitive data where enforcing a specific value type isn’t necessary. Replaces sensitive data with random characters that are readable, but not recognizable. For example, annual revenue, a birth date, or integers. You can still enforce the upper and lower bounds to the data, but you’re less concerned with the specific value of any one record. For date fields, specify earliest and latest dates.

Business processes can function at this masking level, but it preserves confidentiality in the production environment. When you use random characters to mark fields for replacement, Data Mask transforms sensitive, readable sandbox data into random data. For example, if you replace the values of the First Name, Last Name, and Email Address fields in the Contact object with random characters, then a production entry such as Susan Badger, me@example.net transforms into vqiz olmt,cxznd@sfdc.co in a sandbox.

Replace Your Data with Library Values

Use this masking type when you need similar data to test so developers can understand the results that they’re getting. For example, replacing names with names and emails with emails helps developers recognize what they see as an appropriate value when testing a feature.

Field types remain the same at this masking level, so any business processes that rely on specific data types function normally. You can also recognize the data type, thus making informed decisions from the random data. Any sensitive information in the production environment remains confidential. When you use library values to mark fields for replacement, Data Mask transforms sensitive, readable sandbox data into random but recognizable data by using proprietary libraries embedded in the managed package. For example, if you replace the values of the First Name, Last Name, and Email Address fields in the Contact object with library values, then an entry such as Nancy Simon, nan@example1.com becomes Gregory Fitzpatrick, liza.perez@example.com.

Replace Your Data with Data Generated by Using a Pattern

Replacing data with a pattern is similar to replacing with library values. You have greater control over the value because you can enforce a specific value for the field. For example, use a pattern to generate a formatted integer or string, such as an email, or enter a static value so that the field always represents the needed value.

The field type remains the same at this masking level, so any business processes that rely on specific data types function normally. Any sensitive information in the production environment remains confidential. You can use a pattern of your choice to mark fields for replacement. Data Mask transforms sensitive, readable sandbox data into random but recognizable data that uses a pattern. The pattern must follow the following rules:

• %c = replace with lower-case letter (a-z)
• %C = replace with upper-case letter (A-Z)
• %d = replace with digit (0-9)
• %% = replace with % sign
• %nd or %nc = replace with “n” number of digits or characters

For example, if you replace the Email Address field in a contact object with a pattern, then an entry such as john@example.org becomes user-32342@example.com using the pattern user-%5d@example.com.

Delete Your Data

Use this masking type when you have sensitive data in fields that aren’t necessary for testing, such as long-text areas, notes, or fields that take up a large amount of storage space. This transformation is the most efficient way to eliminate private data from the sandbox.

When you mark fields for deletion, Data Mask transforms sensitive, readable sandbox data into empty sets. This transformation is the most efficient way to eliminate private data from the sandbox.

Warning When data is deleted from a sandbox, it can’t be restored. Be selective in choosing privacy assurance methods, as deletion can remove the ability to test some business processes.