salesforce-data-handling

# Salesforce Data Handling ## Overview Handle sensitive data correctly when integrating with Salesforce: PII classification, GDPR/CCPA compliance with Salesforce's Individual object, data retention, and field-level encryption. ## Prerequisites - Understanding of GDPR/CCPA requirements - Salesforce org with data classification enabled (Setup > Data Classification) - For encryption: Salesforce Shield license (Platform Encryption) ## Instructions ### Step 1: Salesforce Data Classification ```typescript // Salesforce has built-in data classification on fields // Setup > Object Manager > [Object] > Fields > [Field] > Edit > Data Sensitivity Level // Query field classification metadata const conn = await getConnection(); const contactMeta = await conn.sobject('Contact').describe(); const sensitiveFields = contactMeta.fields .filter((f: any) => f.compoundFieldName === null) // Skip compound fields .map((f: any) => ({ name: f.name, label: f.label, type: f.type, encrypted: f.encrypted || false, // Check custom data sensitivity via field metadata })); // PII fields in standard Salesforce objects const PII_FIELDS: Record<string, string[]> = { Contact: ['FirstName', 'LastName', 'Email', 'Phone', 'MailingAddress', 'Birthdate'], Lead: ['FirstName', 'LastName', 'Email', 'Phone', 'Company'], Account: ['Phone', 'Website'], // Less PII, but may contain it User: ['Email', 'Phone', 'Username'], Case: ['SuppliedEmail', 'SuppliedName', 'SuppliedPhone'], ...