          Personal User Information Considerations

          Keep these considerations in mind as you configure personal user information settings for external users by using Enhanced Personal Information Management.

          Required Editions

          Available in: Salesforce Classic and Lightning Experience
          Available in: Enterprise, Performance, Unlimited, and Developer Editions
          Applies to: LWR, Aura, and Visualforce sites

          Apex

          This setting isn’t enforced in Apex, even with security features such as the WITH USER_MODE clause, the WITH SECURITY_ENFORCED clause, or the stripInaccessible method. To hide specific fields on the User object in Apex, use the sample code outlined in Comply with a User’s Personal Information Visibility Settings.

          Automated Tools and Processes

          Some workflows, flows, or automated tools send emails in the context of an external user. If the email template references merge fields from another user record, errors can occur.

          Workflows, flows, and automated tools that run in system mode don’t enforce the personal information visibility settings.

          Integrations

          Integrations that rely on authentication of an external user can have errors if they sync user data classified as personal information to or from Salesforce.

          Permissions

          Information classified as personal or sensitive isn’t visible to users with View All Users, Modify All Data, and View All Data permissions. To view personally identifiable information (PII), a user must have the View Concealed Field Data permission.

          Profile Pages

          Profile pages in Experience Cloud sites can display blank fields for the protected information when viewed by other site users or guest users. Authenticated external users can still see and modify their personal information when viewing their own profile pages, with some exceptions:

          • If any address field is considered PII, the whole address field is hidden. Address fields include City, State, Street, Postal Code, Country, GeocodeAccuracy, Latitude, and Longitude.
          • When the First Name or Last Name field is considered PII, a nickname is shown when nickname display is enabled. When nickname display isn’t enabled, name fields are visible.
          • When some but not all address fields are considered PII, guest users have a different experience than community or portal users. If at least one address field is included in the PersonalInfo_EPIM field set, all address fields are blocked for guest users. But in this scenario, community and portal users can see address fields that aren't in the field set, even if other address fields were added.
          Example
          An admin enables Enhanced Personal Information Management and then removes these address fields from the PersonalInfo_EPIM field set: Zip/Postal Code, Country. Next, the admin contacts a guest user and a community user to test the setting that they enabled.
          • The guest user navigates to another user's profile page in Salesforce. None of the address fields show address information. The Zip/Postal Code and Country fields, which weren't included in the field set but are elements of the address compound field, are hidden.
          • The community user navigates to another user's profile page. Address fields that are included in the PersonalInfo_EPIM field set, such as Street and City, are hidden. But address fields that weren't included, such as the Zip/Postal Code and Country fields, are visible.
          To ensure that User PII data is protected, the admin returns to the PersonalInfo_EPIM field set, adding the Zip/Postal Code and Country fields to it.
          • The guest user again navigates to another user's profile page. None of the address fields show address information. This information is still hidden.
          • The community user navigates to another user's profile page. Address fields such as Country are still not visible, and the Zip/Postal Code and Country fields are no longer visible.
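
The profile-page rules above, modeled as an added example (not Salesforce code and not part of the original article), with an audit that flags a field set leaving address or name data readable by external users. Field names are assumed to be User API names; the viewer labels, function names, and profile data are constructed for illustration.

```python
# Added example: a model of this page's profile-page rules, not Salesforce code.
# Field names are assumed to be User API names; all sample data is constructed.
ADDRESS_PARTS = {"Street", "City", "State", "PostalCode", "Country",
                 "GeocodeAccuracy", "Latitude", "Longitude"}
NAME_PARTS = {"FirstName", "LastName"}

def expand(field_set):
    """Replace the compound entries Address and Name with their components."""
    fields = set(field_set)
    if "Address" in fields:
        fields |= ADDRESS_PARTS
    if "Name" in fields:
        fields |= NAME_PARTS
    return fields - {"Address", "Name"}

def profile_view(profile, field_set, viewer, show_nicknames):
    """Another user's profile as seen by a 'guest' or 'community' viewer."""
    pii = expand(field_set)
    if viewer == "guest" and pii & ADDRESS_PARTS:
        pii |= ADDRESS_PARTS  # one listed address part blocks all for guests
    view = {}
    for field, value in profile.items():
        if field not in pii:
            view[field] = value
        elif field in NAME_PARTS:  # nickname if enabled, else the real name
            view[field] = profile["CommunityNickname"] if show_nicknames else value
        else:
            view[field] = ""  # protected fields render blank
    return view

def audit(field_set, show_nicknames):
    """Findings for a field set that leaves PII readable by external users."""
    pii, findings = expand(field_set), []
    exposed = sorted(ADDRESS_PARTS - pii)
    if pii & ADDRESS_PARTS and exposed:
        findings.append("community/portal users still see: " + ", ".join(exposed))
    if pii & NAME_PARTS and not show_nicknames:
        findings.append("name fields stay visible: nickname display is off")
    return findings

PROFILE = {"FirstName": "Ada", "LastName": "Quill", "CommunityNickname": "aq42",
           "Street": "1 Example St", "City": "Springfield", "State": "CA",
           "PostalCode": "00000", "Country": "US"}
PARTIAL = ["LastName", "Street", "City", "State",
           "GeocodeAccuracy", "Latitude", "Longitude"]  # PostalCode, Country removed
FIXED = PARTIAL + ["PostalCode", "Country"]

if __name__ == "__main__":
    print(audit(PARTIAL, True), audit(FIXED, True))
```
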

          Reports and Dashboards

          If a report or dashboard subscription has the running user set as an internal user, external user recipients can see user fields classified as personal information.

          Let’s say a dashboard subscription has the running user set as an internal user, and the dashboard returns user fields that are classified as personal information. An external user who is subscribed to the dashboard can see these fields, even though they’re classified as personal information.

          Supported Fields

          • You can hide any standard or custom user field except for system fields, formula fields, the Default Currency ISO Code field, and the Information Currency field.
          • Don’t classify fields that don’t contain PII.
          • If you classify the Name field as personally identifiable and enable the Show Nicknames preference for your Experience Cloud site, external and guest users see Nickname in Name fields. When you use field sets, you can also choose whether to classify first and last name as PII. If the First Name field isn’t PII, but the Last Name field is, the First Name field displays the first name. The Last Name field displays the nickname.
          • When using a field set to hide PII fields, you can classify compound fields, such as Name or Address, as personal information by adding them to the field set. You can also configure personal information visibility for the individual component fields that are displayed in the default PersonalInfo_EPIM field set, such as City.
          • When using Compliance Categorization to hide PII fields, you can configure personal information visibility only for compound fields that appear in Object Manager, such as Address. You can’t classify their individual component fields, such as City or Postal Code, as personal information.

          Other Considerations

          • If you use a field set to hide PII fields, you can use a change set or an unlocked package to move the field set from one org to another. If you’ve migrated from using Compliance Categorization to using a field set, add the Name field to the field set to ensure that names are hidden.
          • When you use Compliance Categorization to hide PII fields, the Setup Audit Trail includes each instance when you added or removed the PersonalInfo value for a field. When you use field sets, the audit trail shows only that the field set was updated.
           