Mitech Preloader

Protecting your data with Data Classification in Salesforce.

Cloud Services / Dynamics / IT Transformation / Technology Advisory

Protecting your data with Data Classification in Salesforce.

As we all are aware that loss of critical and sensitive data can seriously affect the robust growth and innovation of your business. That’s why data security has become important task for every business running salesforce. That’s where data classification comes in the scenario. Now the question is what is Data Classification?  In Salesforce the objective of data classification is provide strong base for security. It is the process of organizing your precious data into defined categories just as to its sensitive level. Each category is a response to an impact level and a prescribed security protocol and public data, for instance it can be viewed by anyone but cannot allow the unauthorized editing. Critical data should need more protection especially if regulations like HIPAA and GDPR are in provision. With the knowledge of where various types of data are stored, businesses can build profound control to protect it. Now what does data classification looks like in salesforce? To help keep track of numerous information, salesforce introduced data classification metadata fields as part of its ’19 summer release which allows you to add data classification tags to any field in a custom object. Salesforce data classification gives you four fields to categorize and classify data in your Org: Compliance Categorization, Data Owner, Field Usage and Data Sensitivity Level. Let’s see what these terms means-

Compliance Categorization:  Compliance Categorization field provides you a path to identify the data with special privacy requirement which will need additional security controls. Salesforce comes with data classification tabs for the regulatory standards.

  • CCPA (California Consumer Privacy Act)
  • COPPA: (Children’s Online Privacy Protection Act)
  • GDPR: (General Data Protection Regulation)
  • HIPAA: (Health Insurance Portability and Accountability Act)
  • PCI: (Payment Card Industry)
  • PII: (Personally Identifiable Information)

Companies with highly regulated industry can have advantage from using these fields to track and identify that is notable for auditors.

Data Owner:  This classification defines the group and person related with the field which in result, the data owner should be someone who understands the value of field’s data to your business, which are likely to be responsible for fixing the minimum data sensitivity level and relevant control around it.

Field usage:  It tracks whether the field is in use, which can be useful when doing a clean-up project. This includes-

– Active

– Deprecate Candidate

– Hidden

By using this field, you can flag potential candidates for deprecation and streamline your business.

Data Sensitivity:  Here you want to ask one question which is “how sensitive it is?” who can view it and edit it? Salesforce provides you various default value for this classification-

  • Public: can be viewed but cannot be edit
  • Internal: available to company as an asset but cannot be shared with others under NDA.
  • Confidential: can be shared with others under NDA.
  • Restricted: Restricted by law, regulation, an NDA or MSA.
  • Mission Critical: Almost always restricted by law and regulation or an NDA/ MSA.

Why use Data Classification feature?

Creating own data classification model with salesforce native data classification capabilities can be perfect foundation for any business. From data protection and risk management to improved user productivity, there are various advantage to properly differentiate your data which is vital part of your security strategy.

Source: (


If you have any comments, please reach out to us at




Leave your thought here

Your email address will not be published. Required fields are marked *