
SECURING SENSITIVE EMPLOYEE HEALTH DATA
OVERVIEW
Our client is one of the largest employers on the West Coast and continually works to improve its HR processes to give employees a better experience. In doing so, it must comply with CCPA, HIPAA, GDPR and other regulations, which change as regions and countries revise existing rules and introduce new ones.
THE CHALLENGE
Our customer needed to begin storing employee health information securely. Since Salesforce was already widely used across the organization, adopting a new system was not preferred. The preferred path was to augment Salesforce so that it could meet the information security team’s stringent red system certification requirements.
TECHNOLOGIES & SERVICES
Salesforce Service Cloud
Salesforce Shield
OUR SOLUTION
We needed more than Salesforce Classic Encryption, so we leveraged Shield Platform Encryption to secure standard and custom fields as well as attachments and files—an essential requirement for this project. The information security team mandated the use of probabilistic encryption, which, while enhancing security, made filtering and searching (using WHERE clauses in SOQL) impossible. To address potential misuse, we implemented monitoring to detect when users accessed an unusually high number of records within a given time frame and automatically block such activity. Finally, we enabled the enhanced Field Audit Trail feature, extending field history retention from the standard 24 months to 10 years.
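The access monitoring described above can be sketched as a per-user sliding-window counter. This is an added example, not the implementation delivered to the client and not Salesforce code; the threshold, window length, user names and event tuples are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed policy values; the page does not state the real threshold or window.
WINDOW_SECONDS = 600
MAX_RECORDS_PER_WINDOW = 200


@dataclass
class AccessMonitor:
    window: int = WINDOW_SECONDS
    limit: int = MAX_RECORDS_PER_WINDOW
    _events: dict = field(default_factory=lambda: defaultdict(deque))
    _totals: dict = field(default_factory=lambda: defaultdict(int))
    blocked: set = field(default_factory=set)

    def observe(self, user, ts, records):
        """Return 'allow' or 'block' for one access event (ts in epoch seconds)."""
        if user in self.blocked:
            return "block"  # stays blocked until an administrator reviews
        q = self._events[user]
        # Evict events that have fallen out of the sliding window.
        while q and q[0][0] <= ts - self.window:
            self._totals[user] -= q.popleft()[1]
        q.append((ts, records))
        self._totals[user] += records
        if self._totals[user] > self.limit:
            self.blocked.add(user)
            return "block"
        return "allow"


# Constructed sample events: (user, epoch seconds, records returned).
SAMPLE_EVENTS = [
    ("hr_case_worker", 0, 40),
    ("hr_case_worker", 500, 50),
    ("hr_case_worker", 700, 150),  # event at t=0 has expired: 50 + 150 = 200
    ("bulk_reader", 10, 120),
    ("bulk_reader", 70, 90),       # 210 records within 60 s: over the limit
    ("bulk_reader", 5000, 1),      # still blocked, even for a single record
]


def run(events):
    monitor = AccessMonitor()
    return [(u, t, monitor.observe(u, t, n)) for u, t, n in events]


if __name__ == "__main__":
    for row in run(SAMPLE_EVENTS):
        print(row)
```

Counting records returned rather than requests matters here: a single bulk query can expose as much data as hundreds of individual page views.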