You are here:
Data Detect
Data Detect helps you identify sensitive data within your org so you can take steps to protect it. It uses platform-native technology without relying on third-party services or moving data outside of Salesforce. Use Data Detect to expedite data categorization by aligning data sensitivity levels and categories to actual field data.
Control Name
Data Detect (Add-On)
Control Overview
Data Detect automatically scans Salesforce orgs to identify and categorize sensitive data like PII, credit cards, SSNs, emails, and custom patterns using multilevel validation and intelligent detection, enabling proactive data protection without third-party tools.
Description
Scans text-based fields across standard and custom objects for predefined or custom (regex-based) sensitive data types entered or changed within a specified timeframe (up to 365 days), providing results to update classifications, encryption, masking, access controls, and policies.
Recommended Configuration
Activate policies to scan the org by creating policies specifying date ranges, objects/fields, sensitive data categories, and exclusions; run scans and review results to classify fields and apply protections like encryption or transaction security.
Security Impact
Data Detect helps identify sensitive data within your org so you can take steps to protect it.
Business Impact
Streamlines data governance and minimizes breach risks/costs by automating sensitive data discovery across large orgs, integrating with Shield tools for comprehensive protection.
Security Risk If Not Configured
Disabled automated data sensitivity scanning leaves inadvertent PII/financial data undetected in fields, increasing exposure to breaches, non-compliance, and exploitation via reports, APIs, or exports.
Threat Scenarios
Sensitive data (for example, credit cards in description fields) exposed through sharing rules, reports, downloads, or integrations; insider threats or attackers exploiting unclassified high-risk fields without encryption or masking.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Depends on data volume and sensitivity (for example, regulated PII), field usage frequency, existing manual classification processes, and integration and export patterns that could amplify exposure.
Higher Risk When
Orgs handle regulated and high-volume PII, have complex schemas with many custom fields, frequent user data entry, or weak change management allowing unmonitored sensitive data accumulation.
Low Risk When
Orgs with minimal sensitive data, pre-classified fields, strong DLP controls, low user churn and data velocity, or small and simple schemas already under manual security review.
Business and Integration Considerations
Strongly recommended. Results integrate seamlessly with Shield (Platform Encryption, Event Monitoring), Security Center, Privacy Center, and Data Mask for end-to-end protection workflows.
Security Health Review Guidance
Recommend implementing Data Detect if handling regulated and high-volume PII to identify sensitive data in your org.
Who Is Impacted
Org admins, security/compliance teams, data owners, and auditors managing Salesforce data privacy, especially in regulated industries like finance/healthcare.
