What is sensitive data?
Many customers must ensure that confidential or sensitive data remains within their production tenant during operations such as tenant refreshes or exports. This is a critical compliance requirement, particularly when individuals working in Development or Test environments may not have the necessary permissions to access this sensitive information.
By default, any data marked as sensitive will be obfuscated (masked) during a tenant refresh.
What data can be marked as sensitive?
To achieve this goal, clients now have the ability to flag fields as sensitive at the object level. The following field types can be marked as sensitive:
- Text
- Multiline Text
- Rich Text
- Number
- Decimal
- Currency
- DateTime
- Date
- Time
- Yes/No
Additionally, special consideration has been given to the Person object. The following fields for Person are marked as sensitive by default:
- Name
- Address 1
- Address 2
- Address 3
- Business Email
- Business Phone
- Direct phone
- First Name
- Last Name
- Mobile phone
- Personal email
How can fields be flagged as sensitive?
The process involves modifying the fields on the object properties itself. This can be achieved by modifying a form based on the object; or by using the application toolbox. (Refer to https://readinow.knowledgeowl.com/docs/creating-an-object for more details on the application toolbox).
- Open a form for the desired object in builder mode.
- Navigate to the field to be configured.
- Click the configuration icon.
- In the properties dialog, expand Options and click Object Detail
- Check the box labelled Sensitive
- Click OK to close the properties dialog
- Repeat the process to mark further fields as sensitive, if required.
- Remember to save the form. This saves both the form and the object itself.
What happens to sensitive data during the obfuscation process?
The method of data obfuscation varies depending on the type of field. Below are the details for each field type:
Text, Multiline Text, and Rich Text Fields: The existing data will be transformed into a hashed string using the SHA2_256 hashing algorithm. Please note that the length of the hashed string will differ from the original string. Any defined minimum and maximum values for these fields will be disregarded during this process.
Number, Decimal, and Currency Fields: If a minimum value is specified for the field, the obfuscation process will set the new value to this minimum. If no minimum value is defined, the new value will default to 0.
Date and DateTime Fields: For fields with a defined minimum value, the new value will be set to this minimum. If no minimum is specified, the date will default to January 1, 1753.
Time Field: For a time field with a defined minimum value, the new value will be set to this minimum. If no minimum is specified, the time will be set to midnight.
Yes/No Fields: The value will be replaced with a randomly generated Boolean.
Anything else I should know?
Marking a field as sensitive in a parent object will mark the field as sensitive for any child object, as expected with object inheritance. (More information on object inheritance can be found here.)
Sensitive data will be obfuscated (masked) by default during any operations that involve copying or exporting data from a production tenant. This option can be disabled upon request. If you prefer that your data not be obfuscated during a tenant refresh, please ensure to include this request in your tenant refresh ticket.
[link to article on tenant refresh]