Get to Know Data Detect

Learning Objectives

After completing this unit, you’ll be able to:

  • Explain how Data Detect identifies and categorizes sensitive data within a Salesforce environment.
  • Describe how to configure and execute a Data Detect scan.
  • Outline how to use Data Detect scan results in conjunction with other Salesforce Trusted Services.

What Is Data Detect?

Data protection is crucial in today's digital landscape. Salesforce Data Detect is a tool designed to help you identify sensitive data in your Salesforce org so that you can take proactive steps to protect it. Data Detect uses native platform technology, meaning you don’t need to rely on third-party services or move your data outside of Salesforce.

Note: Data Detect is available in Enterprise, Performance, Unlimited, and Developer Editions.

So How Does It Work?

Data Detect expedites data categorization by identifying sensitive data in actual field content. For example, Data Detect might find Social Security numbers consistently appearing in a field, indicating that sensitive data is expected in that field due to your organization's operational needs. With this information, you can then choose to update that field’s content with a personally identifiable information (PII) compliance or confidential data classification, or take other actions.

Data Detect includes multilevel validation and intelligent pattern detection of a wide range of predefined and custom sensitive data types. This helps minimize false positives and ensure classification updates are based on significant patterns rather than isolated instances.

An image of sensitive data identified under a magnifying glass.

Data Detect Policies

You can create multiple Data Detect policies to find sensitive data that users inadvertently enter into fields across your Salesforce org. When you create a policy, you select a start date and an end date, up to a maximum of 365 days. Data Detect scans for any data that was added or changed within the selected time frame. Alternatively, you can select a random time frame to collect a historical subsection of sensitive data.

You can also exclude certain compliance categories, data sensitivity levels, and specific fields to reduce scan time and increase the relevance of results. For example, you can exclude fields that your organization has already identified and marked as sensitive with a data sensitivity and compliance classification, or fields that your organization plans to deprecate or intends to hide. Exclusions make your Data Detect scans more efficient and focused on new or unexpected sensitive data.

What Can Data Detect Scan?

Data Detect is capable of scanning Text, Text Area, Long Text Area, and Rich Text fields (specifically the plain text within them) across both standard and custom objects. Beyond the sensitive data categories that are predefined in Data Detect, you can create your own custom patterns. Custom patterns use regular expressions (Regex), which are sequences of characters that define a search pattern. You can use Regex to detect organization-specific sensitive information, such as unique student IDs, employee identification numbers, or contract numbers. To ensure that your custom patterns are identifying exactly what you intend, test and validate your regular expressions before initiating a scan.
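One way to carry out the test-and-validate step above before a scan, as an added example that is not Salesforce code: it runs a candidate pattern over labelled sample values and lists the false positives and false negatives. The `EMP-` plus six digits ID format and the sample strings are constructed for illustration, and the patterns use Python's `re` syntax, so confirm the syntax Data Detect accepts before reusing them.

```python
import re

# Hypothetical ID format (assumption): "EMP-" followed by exactly six digits.
LOOSE = r"EMP-\d+"  # no length limit, no boundaries
# Exact length, and not embedded in a longer letter/digit/hyphen token.
STRICT = r"(?<![A-Za-z0-9-])EMP-\d{6}(?![A-Za-z0-9-])"

# Constructed field values, labelled with whether they really contain an ID.
SAMPLES = [
    ("Contact EMP-004217 about the renewal", True),
    ("EMP-123456", True),
    ("ids: EMP-000001, EMP-999999", True),
    ("Ticket TEMP-20240101 was closed", False),  # substring of another token
    ("EMP-12 is a room number", False),          # too few digits
    ("Order EMP-1234567890 shipped", False),     # too many digits
    ("No identifiers in this note", False),
]


def evaluate(pattern, samples):
    """Return (false_positives, false_negatives) as lists of sample texts."""
    rx = re.compile(pattern)
    false_pos, false_neg = [], []
    for text, expected in samples:
        hit = rx.search(text) is not None
        if hit and not expected:
            false_pos.append(text)
        elif expected and not hit:
            false_neg.append(text)
    return false_pos, false_neg


def extract(pattern, text):
    """Return every match, to confirm the pattern captures whole IDs only."""
    return re.findall(pattern, text)


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        fp, fn = evaluate(pattern, SAMPLES)
        print(f"{name}: {len(fp)} false positives, {len(fn)} false negatives")
        for text in fp:
            print("   FP:", text)
        for text in fn:
            print("   FN:", text)
```

Negative samples matter as much as positive ones here: the loose pattern finds every real ID, and only the near-miss values reveal that it also over-matches.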

When a Data Detect scan completes, you receive an email notification. View the results within the Data Detect app to see which objects and fields contain sensitive data.

Use Scan Results with Salesforce Trusted Services

Identifying sensitive data is the first step. Taking action is the next. After Data Detect helps you pinpoint areas of concern, use other Salesforce Trusted Services products to enhance your organization’s data security.

  • Classification: Update the data sensitivity classification and compliance categorization of fields that contain sensitive data. This helps in reporting and creating Transaction Security and Shield Platform Encryption policies.
  • Encryption: Revisit your Salesforce Platform Encryption policies and consider applying Database encryption for your transaction database or Field Level Encryption for identified sensitive data fields.
  • Transaction security policies: Create or update your Salesforce Event Monitoring transaction policies to manage fields with sensitive data. For example, you might update your policies to prevent the export of sensitive data from reports.
  • Masking: Consider masking fields with sensitive data in both your production (with Privacy Center) and sandbox environments (with Data Mask).
  • Audit: Review field history retention for fields with frequent instances of sensitive data using Field Audit Trail.
  • Access permissions: Review access controls and permissions to fields containing sensitive data with Salesforce Security Center.

Together, Data Detect and these Salesforce products enable you to effectively manage and protect your sensitive information.

Want to Learn More?

Explore other Trailhead modules on Salesforce Shield, Privacy Center, and Data Mask to deepen your understanding of Salesforce data security best practices.
