Resources Blog

How to Seamlessly Integrate Privacy Measures into your Salesforce Data Strategy


Aug 31, 2023

Salesforce data security

Navigating the data privacy landscape amid regulations

If this sounds daunting to you, it doesn’t have to be. And here’s why…

While it’s true that enterprise customers can find themselves tasked with adhering to industry-specific and geo-specific regulations as they expand their Salesforce data across Orgs – making data privacy efforts seem like an uphill task – there’s a silver lining.

With the right approach, you can seamlessly integrate privacy into your Salesforce data strategy.

The webinar ‘Top 5 Considerations for Incorporating Privacy into your Broader Salesforce Data Strategy’ hosted by Chandler Anderson, Principal Member of Technical Staff, Innovation at Odaseva, Janalyn Schreiber, CIPM, CISSP, CDPSE, Partner at Data Privacy & Security Advisors LLC, and Mike Smith, FIP, CIPT, CIPP/US, CISSP, CCSK, Distinguished Security Architect at Salesforce discuss this topic in detail. 

Get a glimpse into the webinar in this snippet below:

Below is an overview of the key points discussed in the webinar, which explores the intricacies of implementing privacy measures for Salesforce data, particularly in light of emerging privacy trends, and how to seamlessly integrate these measures into a comprehensive data strategy.

NOTE: Unlock additional content on the topic by downloading the whitepaper The Top 5 Considerations for Operationalizing Privacy for Salesforce Data.

Privacy Consideration #1: The 2023 U.S. State law landscape 

The 2023 U.S. state law landscape has been witnessing a flurry of activity in the privacy domain, with numerous states enacting or proposing privacy laws. These laws maintain a strong focus on individual rights, granting people the power to control their data and communicate with businesses about their information. As a result, businesses face the challenge of adapting and complying with various regulations, necessitating internal risk assessments. Ensuring compliance with consumer rights and meeting business obligations is crucial to avoiding potential financial penalties.

Salesforce Implication

It is highly likely that your Salesforce Org contains personal data that is now subject to regulation under these new privacy laws. If you track prospects or customers located in California or Virginia, and their records contain email addresses, home addresses, credit card numbers or social security numbers, those qualify as highly sensitive data.

This is why data compliance should be on the Salesforce team’s roadmap. 

Privacy Consideration #2: Managing and categorizing Salesforce data for privacy and security risk prevention

Between the activity at the state level and the nuances of the personal data that might exist within your Salesforce environment, examine the areas with potential regulatory impact. Consider structuring a program that aligns with the highest level of stringency. Having to deal with multiple, massive program components for various regulations increases the chances of inadvertently overlooking critical factors.

Salesforce Implication

The Salesforce data model that has large volumes of sensitive business data requires a thorough grasp of the Salesforce data landscape.

This is why some kind of framework for categorizing that data is important.

Privacy Consideration #3: How organizations could use AI to expose sensitive data

AI applications have been garnering significant attention and viewership lately. Not only do these tools seek training data and encourage user adoption, they want users to input their data to enhance and refine their models through training.

Providing your data comes with implications, whether positive or negative. While anonymization is part of the process, the destinations where the data ends up remain unclear. Given that this technology is still in its nascent stage, this topic must be approached with care. For businesses especially, it’s important to choose AI options from vendors you already trust and have established relationships with.

Salesforce Implication

Salesforce has an array of tools that empower organizations to execute processes while adhering to compliance guidelines, ensuring utmost data security. And with products like Einstein, Salesforce has an established history of serving enterprise AI use cases.

You can count on Salesforce AI products to stand at the forefront in terms of their capabilities, without jeopardizing your data strategy. 

Privacy Consideration #4: Understand data retention requirements

When considering data retention, the first step is to understand what the regulations are. Data has a lifespan and it eventually will become outdated, at which point, it should be responsibly eliminated. This is because data should only be collected, used, and retained in accordance with the underlying reasons for its acquisition. 

Salesforce Implication

Salesforce can enable organizations to maintain data retention policies in the following ways:

  • Data classification to understand where sensitive data is stored
  • Automated processes to filter and delete data that is no longer needed
  • Data anonymization to obfuscate personal data
  • An archive or retention database to keep sensitive data for audit purposes while limiting exposure in production environments
  • A Right-To-Be-Forgotten (RTBF) process which handles customer requests to remove sensitive data from records while retaining non-sensitive historical data

Privacy Consideration #5: Data Subject Access Request requirements

CCPA stands out as the most comprehensive set of rights available. It is in alignment with GDPR, which has led to a standardized understanding of the rights individuals ought to be granted by businesses with regard to their data – the right to know what data the business has on on the individual, what they’ve collected, what they’re processing, the individual has the right to ask that data be deleted. The individual also has the right to opt out of the sale of personal information.

Salesforce Implication

Businesses can leverage native Salesforce reporting to gain insight into configured field data classifications. Administrators can create a custom report type for Entity Definitions with Field Definitions, and build reports and dashboards to track how fields are configured, as well as fields missing this metadata.

Also, Salesforce provides the Individual object with numerous built-in fields to facilitate data management, including lifecycle tracking. Leveraging this standard object can tie together different instances where an individual is represented in the data model. Regardless of whether it’s a dedicated DSR object within Salesforce or an external solution, it is crucial to establish and maintain an efficient process for customers or representatives to fulfill requests promptly

How can Odaseva help?

Odaseva, the leading Enterprise Data Protection Platform protects and secures your Salesforce data. The term “platform” signifies Odaseva’s comprehensive toolkit that has the depth and intricacy required to seamlessly adapt to specific Salesforce requirements. 

Learn more about how Odaseva can assist you in incorporating privacy into your Salesforce data strategy in the webinar Top 5 Considerations for Incorporating Privacy into your Broader Salesforce Data Strategy.

Close Bitnami banner