How Anonymization Works

    Data Anonymization

    OwnBackup supports automatic data anonymization capabilities as part of the Enhanced Sandbox Seeding (ESBS) tool. This capability allows users to automatically anonymize several fields that may contain private/sensitive/identifiable information. The library that is leveraged is based on ​Faker​​.

    OwnBackup will anonymize fields in the selected sObject(s) based on their Type, Compliance Category, Sensitivity Level or Label and will use the appropriate anonymization functions to match that fields’ value format. For example, email type fields will be anonymized to values in email format.

    Retaining Distribution and Data Integrity

    To maximize the data quality, a given value that is anonymized will be anonymized to the same value when encountered again on the same field type in the same Job, thus preserving the original distribution of values & integrity.

    For example, if the Country field value was originally ‘Cuba’, and was anonymized to ‘Peru’, every record in the same job, where the country field is 'Cuba' will be anonymized to ‘Peru’.

    Blank Values

    The following values are never anonymized:​

    • Blank (empty string)
    • NA
    • [not provided]
    ​Field Type Identification

    As Salesforce’s schema does not provide identification for all fields containing sensitive information, OwnBackup will use the following process to determine which fields to anonymize (and the appropriate matching anonymization functions):

    ​​Address fields​​:  Street, City, State, Country, and Postal Code fields will be determined by their Label.

    ​Names​​: Account Name field will use a company name anonymization. Contact Name field will be anonymized via a person names anonymization function. Other Name fields will be anonymized as regular strings. FirstName and LastName field names will be anonymized accordingly.

    ​​​Personal identifiable information​​: Email, Phone and URL fields are identified by their corresponding field types.

    National ID numbers​​: Social Security Number, Social Insurance Number, National Insurance Number are identified via the “MaskType” property.  The ‘all’ MaskType field types are anonymized via the SIN anonymization function.

    ​​​Financial Credit card fields​​: Identified via the ‘creditCard’ MaskType.

    ​​​Other​​: All encrypted string field types are also anonymized as string fields, according to their original length.

    ​Field History Tracking

    When using the OwnBackup Anonymization tool, OwnBackup will be able to anonymize the records in the selected Salesforce Sandbox. This does not manipulate the Field History Tracking in Salesforce as History tables are Read-Only. If anonymizing data in a Sandbox with OwnBackup, it is recommended to disable Field History Tracking and re-enabling if required.

    ​You can turn off field-history tracking from the object’s management settings. Below is a Salesforce Article on how to disable Field History Tracking in your Sandbox.

    ​To disable Field History Tracking, see more information ​here​​.

    ​Compliance Categorization and Data Sensitivity Level

    When using the Anonymize tool, fields with Data Sensitivity Level and Compliance Categorization in Salesforce are set by OwnBackup. OwnBackup sets a data sensitivity level from the field, and identifies if the field needs to be anonymized.

    ​A field is marked as sensitive information by the following field properties:

    ​​​Compliance Categorization​​: The compliance acts, definitions, or regulations that are related to the field’s data. When the field contains a value that is not public, OB suggests an anonymization value.

    ​​​Data Sensitivity Level​​: The sensitivity of the data contained in this field. When the field contains a default value of Internal, Confidential, Restricted or MissionCritical, OB suggests an anonymization value.

    ​Once the Compliance Categorization and Data Sensitivity Level is recognized, OwnBackup suggests to anonymize the fields. If the field is marked as private or sensitive information, the recommended replacement value is automatically recommended. However, if OwnBackup is unable to recognize the categorization, then the anonymization is randomized.

    Additional Information

    ​For more information about Enhanced Sandbox Seeding, see ​here​​.

    ​For more information about Anonymize, see ​here​​.

    ​For more information about Replicate, see ​here​​.

     

     

    Attachments

    « Previous ArticleNext Article »


    Contact Us

    Our Customer Support team is available by phone for urgent Production issues

    Standard Plan: Monday – Friday: 9:00 AM – 6:00 PM Local Business Hours

    Premier Plan: 24/7