Step 3: Selection of Crypto Technique

Click on the ‘Configure’ button on the Installed Packages page.


1. After clicking on the ‘Configure’ button, a new window will open showing the four options in tab –

  1. De-identification
  2. Self Service 
  3. Debugger
  4. Trigger

Users need to select the crypto technique to securely store the proof of de-identification. Once the technique is selected then it cannot be altered. ‘Cloud Compliance’ creates and secures the proof of de-identification by storing it in an encrypted format using One-way hash or encryption techniques. 


One-way hash format: ‘Proof of de-identification’ information from the original de-identified record is not accessible in a clear text format. It can only be searched against.

Encrypted format: ‘Proof of de-identification’ information from the original de-identified record is displayed in a clear text format. It can be searched against and the original values are accessible with appropriate access.

NOTE: Refer to the following table and determine the crypto approach that suits your company’s data regulation policy.

Crypto TechniqueDescriptionReferenceAdvantages
One-way HashOne way hashed records cannot be unencrypted.Refer Salesforce Documentation  Creating Hash DigestsSearch only returns a confirmation whether the searched value was part of a de-identified record and the Id(s) of the original record(s)
Ideal when only a ‘Proof of de-identification is needed
EncryptionEncrypted records can be de-encrypted.

The search returns a complete decrypted record.
Refer Salesforce Documentation    Hash-Based Message Authentication Codes (MAC)Less secure compared to One-way hash. The search returns all fields of the record as unencrypted data. Ideal for customers that need proof of de-identification information for auditing purposes.

Powered by BetterDocs