This week at Dreamforce ‘19, we announced Salesforce Data Mask — a new tool to help you customize, build, and test on Salesforce while protecting private data. Data Mask anonymizes and deletes private data from your sandbox environments so you can test with high fidelity substitute data and rest assured that your customers’ data is kept private and confidential.
In recent years, new regulations such as the European Union (EU) General Data Protection Regulation (GDPR) and the forthcoming California Consumer Privacy Act (CCPA) require companies to evaluate their technical and organizational controls to ensure compliance. Industry-specific standards and regulations such as the Payment Card Industry Data Security Standards (PCI DSS) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) also include strict privacy and security requirements.
Data governance issues can cause significant repercussions for your business, including loss of customer trust and legal consequences, including regulatory fines. GDPR infractions alone can lead to fines of up to 4% of annual global revenues, or $20 million, whichever is greater.
With these complex privacy requirements in mind, we systematically address privacy-related systems and processes, including where private data resides, how and when it moves, and who has access to it and when. While we often think of security and compliance in the context of production software deployments, it is equally important to think about the application development process. This is where Salesforce Data Mask comes in.
Instead of manually securing data and access for sandbox orgs, Salesforce Data Mask automatically masks private data in sandboxes. Data Mask uses a fully platform-native approach to mask private data without taking data out of Salesforce or introducing external dependencies.
Data Mask works behind-the-scenes in three ways:
Anonymization — or making the data anonymous — scrambles a field’s contents into unreadable results. For example, Blake becomes gB1ff95-$.
Pseudonymization converts a field into readable values unrelated to the original value. For example, Kelsey becomes Amber.
Deletion converts a field into an empty data set.
Salesforce Data Mask uses nondeterministic obfuscation, meaning that you cannot unmask the data even if you try to reverse engineer the approach or use statistical inference attacks to attempt to maliciously hack the data.
With new data privacy regulations, protecting confidential customer data is extremely important for admins and developers to consider. Sandbox environments are one place where strict data privacy protocols often get overlooked.
That’s where Data Mask can help to ensure your private production data remains private. As a managed package that you install in your Salesforce production environment, Data Mask lets you hide sensitive information in three different ways, depending on your specific needs.
Data Mask will be generally available next month and will be highlighted at several sessions during Dreamforce ‘19 if you’d like to learn more: