Step 4: User Obfuscation – Special Case

  • Scrambles users’ data on their request when they no longer want their personal data recognized in Salesforce.
  • The user’s detailed page exists, but the fields contain meaningless strings of characters.
  • User de-identification will wipe out all the standard fields available on User Object excluding a few fields such as the user ID, timezone, locale, and profile.
  • This method requires the org’s User Management setting, Scramble Specific Users’ Data, which can be enabled from Setup.

Solution –

1. By using Standard User Obfuscation API

‘Use Standard User Obfuscation’ is a checkbox that will appear only when we add a User object for de-identification. Suppose the user has created a De-identification mapping for the user object like below.

Click on the Reconfigure from the dropdown

Click on the Advanced Settings, the user will see the checkbox ‘Use Standard User Obfuscation

Check the checkbox and click on the Save button

By checking this checkbox, the user can add only custom fields in field mapping because all the standard field values will be de-identified as per the salesforce Standard User Obfuscation method.

After the user record satisfies the de-identification process, the custom fields in user records will be de-identified as per the field mapping created by the user and standard fields will be de-identified as per the standard Obfuscation method eg. FirstName, LastName, Email, etc 

2. Without using Standard User Obfuscation API – 

When the user unchecks the checkbox ‘Use Standard User Obfuscation’, the user will be able to see all the standard and custom fields except the ‘Email’ field in the field mapping.

Note – If we update the email field, the email update notification will be sent to the user which is not advisable in the user obfuscation process. Hence we do not show the email field for an update in the field mapping section when a user opts for User Obfuscation by CC’s Custom logic.

Here, whichever fields (standard or custom) are selected by the user in the field mapping will only be de-identified with the action mentioned in the mapping. No additional field will get processed automatically.

To de-identify the User object record without using the Standard Obfuscation method user can uncheck the checkbox.

Click on the Save button

The field mapping with the combination of standard and custom fields for the User object looks like below.

After De-identification, the user can see the processing of the user record as per the field mapping and respective actions.

Likewise, you can use any of the above two ways for User De-identification as per your business requirement.

Note –

  • Invoking the User De-identification method with Standard Salesforce’s user Obfusctaion API or CC’s Custom logic to de-identify user records doesn’t trigger an email change notification.
  • In a special use case when Community users want to de-identify their own data, Cloud Compliance’s cascade de-identification can be implemented. This is because community users will be associated with contact records in salesforce. Hence, obfuscating only user records won’t be resulting in sufficient de-identification. Hence, Cascade de-identification where Parent is contact and child is a user will result in sufficient de-identification of a user along with its related contact record.
  • Another use case, where Individual is associated with User, cascade de-identification with Parent as Individual and child as User object can serve the purpose of successful de-identification.