Data Classification Settings let you tag fields with metadata — Compliance Categorization (PII / PHI / GDPR), Sensitivity Level, Data Owner, Field Usage. The classification is metadata only — it doesn't enforce anything by itself, but feeds into reports and data-protection workflows.
- Open Setup → Data Classification Settings
Setup gear → Quick Find: Data Classification → Data Classification Settings.
- Configure the classification picklist values
Default values exist; you can customize for your org's compliance regime (HIPAA, GDPR, PCI, internal taxonomy).
- Open Object Manager → object → Fields & Relationships → field
On any field's detail page, scroll to the Classification section.
- Set Compliance Categorization, Data Sensitivity Level, Data Owner, Field Usage
Per-field metadata. Multi-pick where applicable.
- Save
Classification metadata is committed. Reports on Data Classification Field Usage can now surface what's tagged where.
- For bulk classification: use the Field Audit Trail or Data Loader
Manual per-field classification is slow on a 1000-field org. Bulk via the API or Data Loader is faster.
PII / PHI / GDPR / PCI / etc. Customizable picklist.
Public / Internal / Confidential / Restricted. Customizable.
Lookup to User. Who's responsible for this field's data?
Active / Deprecated. Track field lifecycle.
- Data Classification is metadata only. It doesn't enforce field-level security or block access — that's still done via Profiles and Permission Sets. Classification informs governance, not enforcement.
- The default classification picklists may not match your compliance regime. Customize them upfront — changing values later requires re-classifying every tagged field.
- Without bulk-tagging tools, classifying thousands of fields is a months-long effort. Use the API to script bulk updates rather than clicking field-by-field.