Relational structure Anonymization supported by Data Retention

Overview :

Consider a use case where automated data de-identification is implemented using Data Retention. The requirement is to de-identify all related objects, along with the target object mentioned in Data Retention mapping. This can be accomplished by using the following solution steps.

Solution Steps –

  • Cloud Compliance Data Retention mapping uses three custom fields – Retention Criteria (Formula field used to Automate Data De-identification based on criteria), Retention Status (Retention Processing Status), and Retention Error (Details of Error in case process failure).
  • When the Data Retention batch processing is successful, the Retention Status field value is set as ‘PROCESSED’. This solution uses this field as the retention criteria for other related objects.
  • Consider the target object record to be automatically de-identified is Account (Parent Object) which contains Contact records as Child and Case as a grandchild. 
  • The first step is to create Data Retention mapping for the Account i.e Parent record as per the required criteria. Here, considering Account Retention (Checkbox) as the simple formula field. So when this field is true, the account record will be de-identified.
  • Create a second Retention mapping which will be for Child Object – Contact in this. This Data Retention mapping will be executed only when its Parent record is already de-identified. Create the formula field (which is the criteria for retention) with the name ‘Is Parent Record de-identified?’ which will be used for Contact Retention. This formula field will be  Account.Account_Retention_Status__c  = ‘PROCESSED’.

If this formula field returns true then the Contact record will be de-identified.


  • The Data Retention mapping for Child Object (Contact in this case) will be as follow –
  • Similarly, create Data Retention Mapping for Grandchild object  – Case object in this use case. Create a new formula field with the name ‘Is Child Object De-identified?’ . The formula field which is nothing but the criteria for Case (grandchild) Data Retention Mapping will be as follows: Contact.Contact_Retention_Status__c = ‘PROCESSED’.

The Case Data Retention mapping (grandchild) will be as follow – 


Note – Make sure that Child Data Retention Mapping is scheduled to be executed after Parent Data Retention processing. Similarly, Grandchild Data Retention Mapping is scheduled to be executed after Child Data Retention processing. Users can provide scheduled time while configuring the mapping.


  • Now when the Account record fulfills the retention criteria, it will be automatically de-identified. If the Data Retention for account record is successful then the Retention Status flag on Account will be set to ‘PROCESSED’. This, in turn, evaluates the formula field on Child object .i.e Contact and Sets it to True. Now when Contact Data Retention will be executed as per the schedule, this contact record will be de-identified making Contact Retention Status as ‘PROCESSED’. In a similar way, a formula field on the grandchild record will be set to true. This will de-identify the grandchild record i.e. Case record.

In this way, all records related to Parent (Account) will be automatically de-identified by Using three different retention rules.

Powered by BetterDocs