Important Notice

The content in this space is currently being migrated to the cloud. Any content edits must be made by a Knowledge Base admin until migration is complete.
To request content edits, please submit a request to the Strategic Operations Training Team and include the page URL and details on required edits.
A member of the Strategic Operations Training Team will reach out for clarity if needed.

Salesforce: Restricting Access to Confidential Data

This page will provide the procedure for restricting access to data with classification ratings of moderate or high confidentiality in Salesforce. For example, Utility bills with account numbers, loan numbers, driver’s licenses, etc.

Work with Data Governance and the Salesforce team to identify data and attachments with classification ratings of moderate or high confidentiality.

As it relates to network and data transmission, Salesforce encrypts information between Salesforce and the customer, and between the primary and disaster recovery data centers. Customer Data is processed and stored solely within the continental U.S., operated and supported by screened U.S. citizens as applicable. Data is protected in-transit and at-rest with FIPS 140-2 validated encryption. For data, there are encryption options built into Salesforce, Classic Encryption that provides the ability to create specific encrypted fields on an object. 

Access is restricted by permission sets that enable only authorized users to access those fields.

Data with a classification rating of high confidentiality (SSN and bank account numbers) information on attachments should be redacted if the information is not required.