Loading
Data Protection and Privacy
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Data Retention Policies

            You are here:

            1. Salesforce Help
            2. Docs
            3. Data Protection and Privacy

            Data Retention Policies

            Create data retention policies with the Data Retention feature. Using Heroku for data processing and storage, these policies automate how PII is stored, retained, and anonymized in Salesforce.

            Required Editions

            Available in: all editions
            User Permissions Needed
            To retain customer information using Heroku: ModifyAllData and PrivacyCenter

            Sometimes you have customer data that you don’t want to lose but also don’t want your users to access. For example, some customer information has no explicit user consent to access because the information was collected before certain privacy regulations were introduced. Other times, you want to improve your storage and performance limits by removing old or unimportant information. In both cases, the Retention Policy function allows you to store data out of production in a space that is inaccessible to other users.

            Alternatively, you can obfuscate, or mask, data within your storage to reduce the risk of identification or enable aggregate data usage in scientific, business, or data collection contexts. Masking only impacts the data in the original Salesforce org. Privacy Center offers two levels of masking, depending on the sensitivity of your data:

            1. Anonymization: Replace sensitive data with a random 5-character alphanumeric string (Example: Blake becomes Xyz42)
            2. Pseudonymization: Replace sensitive data with similarly mapped words from a list of Salesforce-provided libraries (Example: Kelsey becomes Zachary)

            While both methods enhance data privacy, you can work with your legal team to determine the obfuscation level that’s right for you.

            With either method, you can only mask mutable fields. For example, customer names can be anonymized or pseudonymized, but important dates, customer identification methods, and field owners can’t be modified. We also recommend not masking usernames to keep from locking users out of their accounts.

            Privacy Center doesn’t deactivate any automation, including triggers, validation rules, and workflows. Admins can manually disable automation. Alternatively, you can use rule logic to avoid running the triggers, validation rules, or workflows depending on a specific profile or user.

             
            Loading
            Salesforce Help | Article