RTBF Mapping Creation
Prerequisites –
Users should have the “CC full access” permission set assigned.
De-identification Basics –
- RTBF/ De-identification allows the user to de-identify any number of records attached to the objects in the hierarchy mapped.
- Up to Nth levels of the hierarchy of objects can be mapped.
- To create the mapping for RTBF/De-identification, navigate to the Implement tab. Click on Add button on RTBF/De-identification tile.
- Fill in details in popup form. Click Save.
- Record created.
- Click on the dropdown arrow, the user will see four options
1. Add Related Object
2. Reconfigure
3. Field Mappings
4. Delete
- Add Related Object – After clicking on this user will be able to add a related object under the parent object.
All the child objects of the selected object (We have taken Account Object as a parent object here) will be shown in the list as shown below
Relationship field –
- When we create a mapping for child we have to provide the relationship field so that the application can understand the path it has to take.
- After selecting the child object the relationship field between the parent and child object will be populated automatically.
If there are multiple relationship fields, the user can select from the drop-down list of ‘Relationship Fields’
Filter Field- Filter records by entering a WHERE clause and the filter field should be like FirstName = ‘Mariko’ hence RTBF will be performed only on those records where FirstName = ‘Mariko’ as shown in the below screenshot
SETTINGS :
Delete- Data Deletion allows users to delete any number of records attached to the objects in the hierarchy mapped.
Hard Delete- Data Deletion allows users to delete permanently any number of records attached to the objects in the hierarchy mapped.
- Delete Attachments: It allows users to delete the attachments related to the de-identified record.
- Delete chatter feeds: It allows users to delete the chatter feeds related to the de-identified record.
- Delete Events: It allows users to delete the events related to the de-identified record.
- Delete Notes: It allows users to delete the notes related to the de-identified record.
- Delete Tasks: It allows users to delete the tasks related to the de-identified record.
- Delete Emails: It allows users to delete the Email activities related to the de-identified record.
- Delete Files: It allows users to delete or de-link the files which are related to the de-identified record.
Note: If the file is shared exclusively then that file will get deleted permanently from the de-identified record and if the same file is shared with two or more different records then the file will get delinked from a de-identified record and remains as it is with the second record. - Click on the Save button.
Advanced Setting :
When the user clicks on the Advanced Setting, It will expand and show Processing Order and Classification Setting
A. Processing Order: This functionality simplifies the processing of parent and related objects by allowing you to decide your own sequence within RTBF / Retention Mapping. You can leave this field ‘Blank’ to process the execution of other related objects after the sequence. This field enables the user to insert a sequence of integers, ranging from 0-99.
- For Example, If the Account is a parent and the Case is a child of the Account, the processing order for the case is 1, and the processing order for the account is 2.
- As per the processing order, the Case will be processed first for the Obfuscation/Deletion, and after that Account will processed
B. Classification Settings :
- Data Classification enables users to classify the data as per the Data Sensitivity Level. Users can decide which data is to be De-identified and which is not.
- To process the records as per Data Classification user needs to add the Data Sensitivity Level to the fields of an object.
- This functionality has been introduced in CC 2.29 version and onward.
- Users can see the Data Classification section on the De-identification mapping page as shown in the below screenshot.
- Note – To enable Data Classification functionality, follow the below path –
Setup -> Installed Package -> Configure -> De-identification -> Data Classification -> Enable Data Classification
- Reconfigure – After clicking on Reconfigure user will see two sections of settings shown below
Delete Settings -In this section user can select Delete activities like Tasks, Notes, Attachments, etc. as mentioned above.
User can also select the ‘Delete’ checkbox which will Delete whole records of the objects
After clicking on the save button user will see the Action ‘Delete’ for the object
Classification Settings – The user can De-identify the Object records as per the Data Classification and Data Sensitivity Level.
- Data Sensitivity Level
Users can add the filter based on the Data Sensitivity Level so that CC will check the Data sensitivity level of the field for the record that the user wants to do RTBF on.
- Compliance Category
The compliance acts, definitions, or regulations that are related to the field’s data.
Default values:
CCPA—California Consumer Privacy Act
COPPA—Children’s Online Privacy Protection Act
GDPR—General Data Protection Regulation
HIPAA—Health Insurance Portability and Accountability Act
PCI—Payment Card Industry
PersonalInfo—Personal information.
For use with the Enhanced Personal Information Management feature. Only available if Enhanced Personal Information Management and Digital Experiences are enabled.
PII—Personally Identifiable Information
The field corresponds to the ComplianceGroup field on the FieldDefinition Tooling API.
Data Classification works with AND and OR conditions to achieve Data Classification
The records that satisfies the Classification criteria those only records will be picked and processed.
To know more about Data Classification refer to the article “Article to be added”
- Field Mappings – Here user can add field mapping for an object. After Clicking on Field Mappings user will see all the updatable fields for the De-identification process.
- Click on the Field Mappings. Popup appears.
- Select the field for RTBF by checking the checkbox.
- Select action. There are two actions.
- Erase – This action will Erase the field after RTBF is processed.
- Obfuscate – This action will replace text with another value.
- Replace with the field will be available once user select Obfuscate in action.
- There are 3 different ways in that user can replace the original text.
- Auto-Generated
- Formula Field
- Hardcoded Value
- Auto-Generated – In this obfuscate action, the field value will be replaced by randomly generated scramble data. To achieve this obfuscation, keep the ‘Replace With’ field value as it is i.e To ‘Auto-Generated’.
- Formula Field – Another special feature of Obfuscation is replacing the field value with the formula field value.-
- Hardcoded Value -Obfuscation also supports replacing field value with hard-coded value. To achieve obfuscation using hardcoded value write the hardcoded value in the section ‘Replace With’.E.g. Removed.
- Data Sensitivity Level
Users can add the filter based on the Data Sensitivity Level so that CC will check the Data sensitivity level of the field for the record that the user wants to do RTBF on.
- Compliance Category
The compliance acts, definitions, or regulations that are related to the field’s data.
Default values:
CCPA, COPPA, GDPR, HIPAA, PCI, PII
- Comments
In the Comments section, users can add any additional information if required.
- Add to Data Vault
If a user wants to store the proof of de-identification then the user needs to select the ‘Add to Data Vault’ option.
Save the mapping.
- Delete – After Clicking on the Delete button user can delete the selected object from the mapping
Once the Parent object gets deleted, all the child objects from the mapping get deleted.
User cannot delete the master object which is at Level 1 as its a mandatory object added when a user creates a Configuration.
Nth level RTBF/De-identification
- Nth level de-identification allows the user to de-identify/deletes any number of records attached to the objects in the hierarchy mapped.
- Up to Nth levels of the hierarchy of objects can be mapped.
- Let’s add the Contact as a Level 2, Case and User objects as Level 3 objects, and CaseComment as a Level 4 object.
- Likewise, users can add as many objects to the Nth Level and add as many objects to each level.
- Once object mapping is ready, users can add fields to respective objects by clicking on the link ‘Field Mappings’ of each object to perform Nth Level de-identification.
- Click on Validate button to activate the mapping
- The Status will be turned Not Validate to Validated.
Once the mapping is completed, the user can create a PrivSec Request and can process RTBF/De-identification on records.