Managing protected fields
note
Management of protected fields is identical for the three-model package and for the legacy package.
PROTECTED fields (regulated fields) are fields that contain information that may be used to identify the person. Due to regulations of different countries, such information must be protected, and in some situations stored in the origin country.
For each Salesforce object, you can define the PROTECTED fields that store the personal identifiable information (PII) or any sensitive information users choose to localize. Such fields will be processed by the package according to the configured data store policy.
Managing PROTECTED fields
The package lets you manage PROTECTED fields as follows:
Add PII fields for each Salesforce object
Delete the no longer needed PROTECTED fields for each Salesforce object
On the menu, select Settings. The page with the app settings loads, as follows:
Here you need to select the Salesforce object which PROTECTED fields will be added for.
Adding PROTECTED fields
Select the Salesforce object which PROTECTED fields you want to add.
Click Add Field. The Add PII Fields form opens.
In the Select Field box, start entering the field name. Select the field from the prompted matches.
In the Hash Function box, select the hash function which will be applied to the value of the field. Ensure that the applied hash function is valid for data contained within the field, otherwise the hashed data pattern will be incorrect for storing in Salesforce. You can use the fixed hash function to apply your own custom value to hashed fields.
In the Lookup relationship box, enter the lookup relationship for the current field. In Salesforce this corresponds to the
Lookup Relationship Name.In the Reference field box, enter the field name which value the current field will reference.
In the Reference order box, specify the order in which fields are referenced. Use the comma to separate different fields from each other.
In the Lookup api name box, enter the field name of the Salesforce object for making calls to Salesforce API. In Salesforce this corresponds to the
LookupObjectApiName.In the Key box, select the key if available to make the field searchable in Salesforce. You can have up to ten searchable PROTECTED and regular fields per one Salesforce object. This setting defines the field value searchability against the object and key.
Check the Need to hash box to enable the hashing for the PROTECTED field. By default, it it enabled automatically when you select the hash function.
Check the Is Compound box to indicate that the field is comprised of multiple fields.
Check the Is Country field box to indicate that the field contains information about the country.
When complete, click Add.
The newly added PROTECTED field will appear on the list with other PROTECTED fields that are attributed to the currently selected Salesforce object. These fields will be processed by the package and shown according to the configured data regulation policy.
Selecting hash functions for PROTECTED fields inline
You can select or change hash functions for PROTECTED fields inline when viewing the list of such fields for a specific Salesforce object.
On the list with PROTECTED fields, locate the field for which you want to change the hash function.
Hover over the field with the hash function.
Click the Edit icon.
Select the appropriate hash function.
The selected hash function will be applied to the current PROTECTED field.
Supported field types and their hash functions
nothing | fixed | sha256 | uniqueHash | uniqueEmailHash | defaultText | defaultDateTime | defaultBoolean | defaultNumber | random | |
|---|---|---|---|---|---|---|---|---|---|---|
| Text |  | | | |  | | | | | |
| Text Area | | | | | | | | | | |
| Picklist (single-select) | | | | | | | | | | |
| Picklist (Multi-Select) | | | | | | | | | | |
| Time | | | | | | | | | | |
| Date OR Date/Time | | | | | | | | | | |
| Checkbox | | | | | | | | | | |
| Percent | | | | | | | | | | |
| Number | | | | | | | | | | |
| Currency | | | | | | | | | | |
| Phone | | | | | | | | | | |
| | | | | | | | | | |
| URL | | | | | | | | | | |
| Geolocation | | | | | | | | | | |
| Base64 | | | | | | | | | | |
Hash function examples
note
Hash functions work only with values, if there are no values, the hash function is not applied.
| Hash function | How it works | Input value | Value saved to Salesforce | Value saved to the InCountry platform | Recommendations |
|
|
The function preserves the original value as-is without any changes. |
|
|
|
Avoid using this hash function for PII data as it does not redact values and keeps the clear-text values in the Salesforce database. |
|
|
The function applies the specified default value to all records making the same dataset store one value. You can adjust the default value depending of the field type. |
|
|
|
|
|
When configuring the default fixed value: 10. |
|||||
|
|
The function hashes a field value with the SHA-256 algorithm and is applicable for text string values only. |
|
|
|
|
|
|
The function hashes a field value with a custom algorithm and appends the current date into the resulting hashed value. It is applicable for text string values only. |
|
|
|
|
|
|
The function hashes a field value with the SHA-256 algorithm and adjusts the hashed value to the email format. |
|
|
|
Use this function when you perform validation of email address pattern in Salesforce. |
|
|
The function replaces a field value with an empty string. |
|
|
|
Do not use this hash function for required fields. |
|
|
The function replaces a field value with the default date |
|
|
|
|
|
|
The function replaces a field value with the default date/time |
|
|
|
|
|
|
The function replaces a field value with the |
|
|
|
|
|
|
The function replaces a field value with the |
|
|
|
|
|
|
The function replaces a field value with some random value. This hash function generates a random alphanumeric string depending on the field type. |
|
|
|
|
|
|
|
|
|
Mapping fields to hash functions
note
While configuring fields, please consider the using of the proper hash function for a specific data format. For example, if you need to tokenize the email address, you should use uniqueEmailHash function. Otherwise, email address will not be properly handled by Salesforce. For names, use the uniqueHash function.
If you use the redaction data regulation policy, you need to apply the correct hash functions to fields. Please check the mappings of hash functions to fields in the following table:
| Internal Salesforce field | UI field | Hash function | Conditions | Notes |
|---|---|---|---|---|
| ANYTYPE | N/A | This function is on our roadmap and is not available yet. | ||
| BASE64 | N/A | uniqueHash | If the field length is greater than or equal to 50 characters. | Supporting the backward compatibility. |
| BASE64 | N/A | sha256 | If the field length is greater than or equal to 64 characters. | Supporting the backward compatibility. |
| BOOLEAN | Checkbox/0 | defaultBoolean | ||
| CALCULATED | N/A | This function is on our roadmap and is not available yet. | ||
| COMBOBOX | N/A | defaultText | ||
| CURRENCY | Currency | defaultNumber | A new function is to be implemented. | |
| DATACATEGORY | N/A | This function is on our roadmap and is not available yet. | ||
| DATE | Date | defaultDate | ||
| DATETIME | DateTime | defaultDateTime | ||
| DOUBLE | Number | defaultNumber | A new function is to be implemented. | |
| Email/80 | uniqueEmailHash | Use the uniqueEmailHash as the main function for the Email field. It generates the unique hash every time for this field. | ||
| Email/80 | sha256EmailHash | Use the sha256EmailHash function to generate the same hash for the same values of this field. | ||
| ENCRYPTEDSTRING | Text (Encrypted)/175 | This function is on our roadmap and is not available yet. | ||
| HIERARCHY | N/A | This function is on our roadmap and is not available yet. | ||
| ID | N/A | This function is on our roadmap and is not available yet. | ||
| INTEGER | N/A | defaultNumber | ||
| LOCATION | Geolocation | defaultNumber | A new function is to be implemented. | |
| LONG | N/A | This function is on our roadmap and is not available yet. | ||
| LOOKUP | N/A | This function is on our roadmap and is not available yet. | ||
| MULTIPICKLIST | Picklist (Multi-Select)/4099 | This function is on our roadmap and is not available yet. | ||
| PERCENT | Percent | defaultNumber | A new function is to be implemented. | |
| PHONE | Phone/40 | defaultText | A new function is to be implemented. | |
| PICKLIST | Picklist/255 | sha256 | A new function is to be implemented.Use the sha256 function if the pick list field is not restricted and it can take more than 64 characters. Otherwise use the defaultText function. | |
| PICKLIST | Picklist/255 | defaultText | A new function is to be implemented. | |
| REFERENCE | Lookup Relationship/18 | This function is on our roadmap and is not available yet. | ||
| REFERENCE | External Lookup Relationship | This function is on our roadmap and is not available yet. | ||
| STRING | AutoNumber/30 | uniqueHash | If the field length is greater than or equal to 50 characters. | Preparing the backward compatibility.Use the uniqueHash function to generate a unique hash value for this field every time. Otherwise use the defaultText function. |
| STRING | Text/255 | sha256 | If the field length is greater than or equal to 64 characters, | Use the sha256 function if the field can take more than 64 characters. |
| STRING | defaultText | If the field length is less than 30 characters, | ||
| TEXTAREA | Text Area (Long)/32768 | uniqueHash | If the field length is greater than or equal to 50 characters. | |
| TEXTAREA | TextArea/255 | sha256 | If the field length is greater than or equal to 64 characters, | |
| TEXTAREA | Text Area (Rich)/32768 | defaultText | ||
| TIME | Time | A new function is to be implemented. | ||
| URL | URL/255 | sha256 | ||
| URL | URL/255 | defaultText | ||
| Specifics of the compound Address field | ||||
| STRING | City/40 | uniqueHash or defaultText | ||
| PICKLIST | Accuracy/40 | defaultText | Use the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText. | |
| PICKLIST | Country/80 | sha256 or defaultText | Use the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText. | |
| PICKLIST | CountryCode | sha256 or defaultText | Use the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText. | |
| DOUBLE | Latitude/18.15 | A new function is to be implemented. | ||
| DOUBLE | Longitude/18.15 | A new function is to be implemented. | ||
| STRING | PostalCode/20 | uniqueHash or defaultText | ||
| STRING | State/80 | uniqueHash or sha256 or defaultText | ||
| PICKLIST | StateCode | sha256 or defaultText | Use the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText. | |
| TEXTAREA | Street/255 | uniqueHash or sha256 or defaultText |
Using the fixed hash function
You can use the fixed hash function to apply custom values that you need instead of using the built-in hash functions returning random strings.
This function supports the following fields types:
STRING
TEXTAREA
PICKLIST
MULTIPICKLIST
COMBOBOX
TIME
DATE
DATETIME
BOOLEAN
PERCENT
INTEGER
LONG
DOUBLE
CURRENCY
PHONE
EMAIL
URL
The length of the values that the fixed hash function can apply depends on the field type.
Deleting PROTECTED fields
note
You delete PROTECTED fields from the configuration of the InCountry Data Residency for Salesforce package only. These fields will be preserved in Salesforce itself.
You can delete the not needed PROTECTED fieds from the data store policy for a specific Salesforce object. Such fields will be no longer protected by the package when showing their values in the interface of Salesforce.
Select the Salesforce object which PROTECTED fields you want to delete.
On the list with PROTECTED fields, locate the one you want to delete.
Click the box with the down arrow and then select Delete.
If you want to delete all the fields from the current configuration of the selected Salesforce object, click Delete All Fields.