Prepare for Privacy Center
Learning Objectives
After completing this unit, you’ll be able to:
- Discuss the benefits of using the Salesforce Consent Data Model with Privacy Center.
- List some ways that Privacy Center can protect user data.
Introduction
As you just learned, Matt at Cumulus Cloud is tasked with setting up privacy policies in Privacy Center. His company is required to comply with data privacy laws like the General Data Protection Regulation (GDPR) and other consumer data privacy regulations.
Understand Your Consent Data Model
Before Matt can begin implementing Privacy Center, he needs to understand his company’s data model and how it handles consumer data. He begins by analyzing where Cumulus Cloud stores personally identifiable information (PII), how it flows through the system, and whether it’s being captured and managed in a way that supports compliance with privacy regulations.
Matt’s goal is to ensure that sensitive data is accurately classified, properly governed, and easily accessible for handling data subject access requests. In addition, he wants to identify opportunities to optimize data management by ensuring PII is stored only where necessary and that redundant or outdated data can be archived or deleted in compliance with regulatory standards.
While Privacy Center is compatible with any data model that you use for managing consent on the Salesforce Platform, there are certain benefits to using the Salesforce Consent Data Model with Privacy Center. You can use the Salesforce Consent Data Model as the standard data model for managing consent at multiple levels, from global preferences to more granular controls. This data model considers the individual’s entire experience, not just a single contact point. Any record relating to an individual can be associated with any related consent considered within this model, including leads, users, person accounts, and contacts.
The Salesforce Consent Data Model enables you to:
- Use the Individual object as a single top-level object for Privacy Center policies.
- Simplify the process of creating forms in Preference Manager.
- Choose an initial level at which to manage consent and then add levels of granularity as your business needs evolve or regulatory requirements change for managing that consent data. For example, you can use the Individual object to manage consent at the top level and add flexible levels of consent for related objects, such as Leads or Contacts, to your policy later.
Cumulus Cloud uses the Salesforce Consent Data Model, which makes it easy for Matt to set up Privacy Center.
Understand Policies in Privacy Center
In the first unit, you learned that Privacy Center uses privacy and portability policies to manage the data lifecycle effectively. Let’s explain what we mean by the word policy in this context. A policy is a set of guidelines, or rules, that govern behavior and operations in Salesforce. In Privacy Center, you create policies to define the conditions under which you want to mask or delete data.
So, for example, you can create a data management policy that masks PII on contacts that are more than 3 years old and have only closed cases, deletes contacts from production once they are 7 years old with only closed cases, but retains a copy of that data elsewhere for 10 years.
Let’s take a look at the ways Matt can use policies to protect data on the field and record level at Cumulus.
Protect Data on a Field Level
The first way to protect data is to maintain records but mask or delete data in certain fields.
When you protect data at the field level, you have four options to choose from for each field on the record.
- Do Not Change leaves this particular field’s data as-is.
- Delete removes this particular field’s data, but it doesn’t delete the entire record.
- Pseudonymize with a Static Value masks the data in this field with a user-specified string of up to 255 characters (for example, replace “Kelsey” with “Redacted”).
- Anonymize with a Random Value masks the data in this field with random values (for example, “Kelsey” becomes “Xyz42”). Optionally, check the box next to Unique to add the record’s Salesforce ID to the field value to create a globally unique value.
Be aware that you can only mask mutable fields. For example, customer names can be anonymized or pseudonymized, but certain dates, customer identification methods, and field owners can’t be modified. We recommend not masking usernames, because doing so can lock users out of their accounts.
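To make the four field-level options concrete, here is an added example (not code from the page or from Salesforce) that applies a per-field policy to a constructed contact record. It models the Delete, Pseudonymize with a Static Value, and Anonymize with a Random Value (with and without Unique) options, and rejects a policy that tries to mask an immutable field or a username, or that uses a static value longer than 255 characters. The field names, the sample record, and the set of unmaskable fields are assumptions for the demo; a real org’s immutable fields come from its own schema.

```python
import secrets
import string
from dataclasses import dataclass

MAX_STATIC_LEN = 255  # Privacy Center caps the static replacement string at 255 characters

# Fields a policy must leave alone. Only mutable fields can be masked, and usernames
# should not be masked. This set is an assumption standing in for an org-specific list.
UNMASKABLE_FIELDS = {"Id", "CreatedDate", "LastModifiedDate", "OwnerId", "Username"}


@dataclass(frozen=True)
class FieldRule:
    """One of the four per-field options: keep, delete, static, random."""
    option: str
    static_value: str = ""   # used by "static"
    unique: bool = False     # used by "random": append the record Id to the value


def random_token(length: int = 5) -> str:
    """Random alphanumeric replacement, e.g. 'Xyz42'."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def validate_policy(policy):
    """Return a list of problems: unknown options, unmaskable fields, oversized static values."""
    problems = []
    for name, rule in policy.items():
        if rule.option not in {"keep", "delete", "static", "random"}:
            problems.append(f"{name}: unknown option {rule.option!r}")
        elif rule.option != "keep" and name in UNMASKABLE_FIELDS:
            problems.append(f"{name}: field is immutable or a username; use keep")
        elif rule.option == "static" and len(rule.static_value) > MAX_STATIC_LEN:
            problems.append(f"{name}: static value exceeds {MAX_STATIC_LEN} characters")
    return problems


def apply_field_policy(record, policy, token=random_token):
    """Return a masked copy of `record`; the record itself is kept, only fields change.

    `token` is injectable so the random option can be tested deterministically.
    """
    problems = validate_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    masked = dict(record)
    for name, rule in policy.items():
        if name not in masked or rule.option == "keep":
            continue
        if rule.option == "delete":
            masked[name] = None            # clear the field, keep the record
        elif rule.option == "static":
            masked[name] = rule.static_value
        else:                              # random
            value = token()
            if rule.unique:
                value += record["Id"]      # Unique: append the record Id for a globally unique value
            masked[name] = value
    return masked


# Constructed sample record; the Id and all values are made up.
CONTACT = {
    "Id": "003000000000001AAA",
    "FirstName": "Kelsey",
    "LastName": "Example",
    "Email": "kelsey@example.com",
    "Phone": "+1-555-0100",
    "Username": "kelsey@example.com",
}

# A policy exercising all four options; Username is deliberately kept.
POLICY = {
    "FirstName": FieldRule("static", static_value="Redacted"),
    "LastName": FieldRule("random", unique=True),
    "Email": FieldRule("delete"),
    "Phone": FieldRule("keep"),
    "Username": FieldRule("keep"),
}

if __name__ == "__main__":
    print(apply_field_policy(CONTACT, POLICY))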
Matt’s organization has decided that the best course of action is to anonymize certain fields within a Salesforce record. But he can also protect data on the record level. Let’s look at that next.
Protect Data on a Record Level
The other way to protect data is to delete records. Depending on your requirements, you may delete them entirely, or maintain a copy outside of production, for example in the Hyperforce Retention Store.
Privacy Center gives you a lot of flexibility in record-level deletion. You can specify whether to delete top-level records only, or include parent records, related child records, or attachments and files in your policy.
Be aware that per standard Salesforce behavior, child records in a master-detail relationship are cascade deleted. Child records in a lookup relationship will not be deleted and might be orphaned unless they are added to the policy as either child objects or additional top-level objects, depending on the use case.
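The orphaning caveat is easy to miss when a policy is written one object at a time, so here is an added example (not code from the page or from Salesforce) that simulates a record-level deletion over a constructed schema of custom objects and reports which lookup children would be left orphaned. Master-detail children cascade; lookup children are deleted only if their object is listed in the policy as a child object or a top-level object. The object names, relationship kinds, and record Ids are all made up for the demo; check your own org’s relationships in Object Manager before trusting any result.

```python
from collections import defaultdict

# Constructed schema (not a real org): child object -> (parent object, relationship kind).
SCHEMA = {
    "Consent_Record__c": ("Customer__c", "master-detail"),
    "Support_Ticket__c": ("Customer__c", "lookup"),
    "Ticket_Note__c": ("Support_Ticket__c", "master-detail"),
}

# Constructed records as (object, Id, ParentId); Ids are made up.
RECORDS = [
    ("Customer__c", "a01000000000001", None),
    ("Consent_Record__c", "a02000000000001", "a01000000000001"),
    ("Support_Ticket__c", "a03000000000001", "a01000000000001"),
    ("Ticket_Note__c", "a04000000000001", "a03000000000001"),
    ("Customer__c", "a01000000000002", None),
    ("Support_Ticket__c", "a03000000000002", "a01000000000002"),
]


def simulate_deletion(records, schema, top_level, child_objects):
    """Return (deleted_ids, orphaned_ids) for a policy that deletes `top_level` objects.

    Master-detail children are cascade-deleted. Lookup children are deleted only when
    their object is in `child_objects` (or is itself a top-level object); otherwise
    they survive with a dangling parent reference and are reported as orphaned.
    """
    by_id = {rid: obj for obj, rid, _ in records}
    children = defaultdict(list)
    for _, rid, parent in records:
        if parent is not None:
            children[parent].append(rid)

    deleted, orphaned = set(), set()
    stack = [rid for obj, rid, _ in records if obj in top_level]
    while stack:
        rid = stack.pop()
        if rid in deleted:
            continue
        deleted.add(rid)
        for cid in children[rid]:
            cobj = by_id[cid]
            kind = schema[cobj][1]
            if kind == "master-detail" or cobj in child_objects or cobj in top_level:
                stack.append(cid)      # cascades, or explicitly covered by the policy
            else:
                orphaned.add(cid)      # lookup child not covered: left behind
    orphaned -= deleted                # a record reached both ways is simply deleted
    return deleted, orphaned


def orphan_report(records, schema, top_level, child_objects):
    """Human-readable list of orphaned records, grouped by object, for reviewing a policy."""
    _, orphaned = simulate_deletion(records, schema, top_level, child_objects)
    by_obj = defaultdict(list)
    for obj, rid, _ in records:
        if rid in orphaned:
            by_obj[obj].append(rid)
    return {obj: sorted(ids) for obj, ids in by_obj.items()}


if __name__ == "__main__":
    # Policy A: delete Customer__c only. Policy B: also include Support_Ticket__c as a child object.
    print("A:", orphan_report(RECORDS, SCHEMA, {"Customer__c"}, set()))
    print("B:", orphan_report(RECORDS, SCHEMA, {"Customer__c"}, {"Support_Ticket__c"}))
```

Run against the constructed data, policy A leaves both support tickets orphaned, while policy B deletes them and, through the master-detail relationship, their notes as well. Adding a child object can therefore expose a new layer of lookup children one level deeper, so re-run the check after every change to the policy’s object list.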
Design Considerations for Retention Policies
Data privacy laws such as the GDPR require businesses to minimize the amount of personal data they store. Businesses might also be required to pseudonymize or anonymize that data as much as possible.
You might also have customer data that you don’t want to lose, but that you don’t need in production. (For example, some of Cumulus Cloud’s customer information has no explicit user consent because the information was collected before certain privacy regulations were introduced.) Other times, you may want to improve your storage limits and performance by removing old or unimportant information.
With data management policies, you can run the masking and deletion actions that you set for targeted data. You can also keep a copy of data that was masked or deleted from production in a store that other users can’t access.
Sum It Up
In this unit, you learned about some important elements of data privacy models. You also learned how to protect data on a field and record level. Finally, you explored some design considerations for retention policies. In the next unit, you learn the basics of how to create and run data management policies for your organization.