Exercise 6: Secure Your Data with Shield
In this exercise, you'll use Salesforce Shield's Data Detect capabilities to proactively scan your org for sensitive data that may be stored in unexpected places.
Scenario
Your company is preparing to launch a high-stakes international expansion. This involves handling sensitive metadata, executive contract details, and private financial agreements. Leadership is concerned that over-privileged admins or curious users might access this data undetected, or that sensitive information might be hiding in plain text in unexpected fields.
Admins can secure their Salesforce data with Shield, a suite of add-on products that includes the ability to:
- Encrypt data at rest
- Monitor events including user activity
- Get a comprehensive audit trail of changes made to your data
- Identify sensitive data you may not know exists
PII Information
PII (Personally Identifiable Information) is any data point that can be used to uniquely identify, contact, or locate a specific individual. Think of it as a digital fingerprint — the data that says, "This record belongs to this exact person."
Storing sensitive data such as Social Security numbers or home addresses in Salesforce requires careful access management and strong security controls. Some data types carry especially high sensitivity because unauthorized exposure can create immediate privacy, compliance, or fraud risks:
- Government IDs: Social Security Numbers (SSNs), driver's license numbers, passport numbers, and Taxpayer IDs
- Financial Data: Credit card numbers, bank account numbers, and debit card details
- Contact Info: Full legal name, home address, and personal cell phone numbers
Step 1: Create a Policy in Data Detect
Before you scan your data, you have to know what you're looking for.
Open the App Launcher.
Type Shield into the search bar.
Click Shield.
Click Manage Policies in the Data Detect window.

Click New.

Enter the following values into your policy:
| Field | Value |
| --- | --- |
| Policy Name | PII Detection Policy |
| Description | Detect potential PII in standard CRM records |
| Date Range Start | 01/01/2026 |
| Date Range End | (Select Today's Date) |
| Compliance Category to Exclude | PII |

Click Save.
Click Add Object.

Select Contact.
Check the box next to all fields.
Click Done.
Select all fields the first time you're doing a discovery scan, or target specific text fields where you suspect sensitive data might be hiding — for example, Description or custom text fields.

Click Sensitive Data Categories.

Click Add sensitive data categories.

Click + next to the following fields:
- Credit Card Number
- Social Security Number
Click Done.
Step 2: Find the Risk Using Data Detect
Click Run Scan.

Click Scan Policy.

Your scan will enter a queue. You can continue with the rest of the workshop and check your results later by opening Data Detect and selecting View Scan Results.
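To make concrete what the two selected categories look like inside a free-text field such as Description, here is an added example that is not part of the workshop and does not represent how Data Detect is implemented. It assumes simple pattern rules (SSN range checks, a Luhn checksum for card numbers) and runs them over constructed sample Contact rows, masking every hit so the report itself does not leak the values.

```python
import re

# Patterns are assumptions for illustration; Data Detect's own matching
# rules are not described on this page.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject ranges never issued: area 000/666/9xx, group 00, serial 0000."""
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def scan_text(text: str) -> list[tuple[str, str]]:
    """Return (category, masked_value) findings so results are safe to log."""
    findings = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("Social Security Number", "***-**-" + m.group(3)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("Credit Card Number", "*" * (len(digits) - 4) + digits[-4:]))
    return findings

def scan_records(records: list[dict], fields: list[str]) -> dict:
    """Map record Id -> {field: findings} for every field with at least one hit."""
    report = {}
    for rec in records:
        hits = {f: scan_text(rec.get(f) or "") for f in fields}
        hits = {f: v for f, v in hits.items() if v}
        if hits:
            report[rec["Id"]] = hits
    return report

# Constructed sample Contact rows (test values only, not real data).
SAMPLE = [
    {"Id": "C-001", "Description": "Customer read SSN 123-45-6789 over the phone."},
    {"Id": "C-002", "Description": "Card on file 4111 1111 1111 1111, exp next year."},
    {"Id": "C-003", "Description": "Order ref 1234 5678 9012 3456, call back 555-01-0000."},
]
if __name__ == "__main__": print(scan_records(SAMPLE, ["Description"]))
```

The third row shows why validation matters: both of its digit runs match the raw patterns but fail the checksum or range checks, so they are not reported.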
Summary
You used Salesforce Shield's Data Detect to proactively scan your org for sensitive data, including PII that may be stored in unexpected places. Identifying these risks is the first step toward securing sensitive data through stronger monitoring, access controls, and encryption.
While other Shield tools focus on protecting or monitoring data, Data Detect is about discovery — it tells you where the "secret" data is actually hiding so you don't have to guess. For an admin managing a large Salesforce org, Data Detect helps you regain control of your data footprint.