Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
DictionaryDData Classification Settings
AdministrationIntermediate

Data Classification Settings

Data Classification Settings is the Salesforce Setup area that hosts the org's Data Classification feature: per-field classifications (Sensitivity Level, Compliance Categorization, Data Owner) plus the Download and Upload utilities that let admins manage classifications in bulk via CSV.

§ 01

Definition

Data Classification Settings is the Salesforce Setup area that hosts the org's Data Classification feature: per-field classifications (Sensitivity Level, Compliance Categorization, Data Owner) plus the Download and Upload utilities that let admins manage classifications in bulk via CSV. The page is the central surface for Data Classification policy, the configuration UI for per-field metadata, and the entry point for the bulk audit and update workflow that mature data governance teams rely on.

Data Classification Settings exists because every regulated org needs to know what data lives in which fields and how sensitive each field is. The classification metadata drives downstream policy: which fields require Shield Platform Encryption, which fields appear in PII compliance reports, which fields the DSR (data subject rights) workflow needs to scope. Without Data Classification Settings, the data inventory lives in a spreadsheet someone updated two years ago; with it, the inventory lives in the platform metadata and stays current with the schema.

§ 02

Why Data Classification Settings is the central data inventory surface in regulated Salesforce orgs

Where Data Classification Settings lives in setup

Setup, Data Classification Settings. The page shows the org-wide policy (which classification dimensions are enabled, what values are allowed per dimension), the per-field classification surface (assigned through Object Manager, Field, Data Classification), and the bulk Download and Upload utilities. The org-wide policy sets the vocabulary (Public, Internal, Confidential, Restricted as the Sensitivity Level values, for example); per-field assignment applies those values.

The four classification dimensions

Salesforce ships four standard classification dimensions admins populate per field. Sensitivity Level captures how sensitive the data is (Public, Internal, Confidential, Restricted). Compliance Categorization captures regulatory scope (PII, PCI, HIPAA, GDPR, none). Data Owner captures the team or person responsible for the data definition. Data Sensitivity Description is a free-text field for additional context. Each dimension is independent; a field can be tagged Confidential + PII + owned by Compliance Team + with descriptive context. The combination produces the field's classification profile.

Per-field assignment workflow

Object Manager, pick the object, pick the field, the Data Classification section appears in the field detail. Admins set the values for each enabled dimension. The save updates the field's metadata; the classification is now queryable and exportable. Per-field assignment is fine for new fields one at a time; for bulk classification of hundreds or thousands of existing fields, the Download/Upload CSV workflow is the practical path.

The Download and Upload utilities

Data Classification Download exports per-field classification metadata as a CSV for offline review and analysis. Data Classification Upload ingests an updated CSV and applies the changes back to the field metadata. The two utilities together support the audit workflow: download the current state, review for gaps and drift, update the CSV, upload corrections. Without the bulk utilities, classification work at any scale is impractical.

Downstream consumption of classification metadata

Classification metadata is queryable via SOQL on the FieldDefinition object (which exposes the classification properties). Custom Apex, Flow, and external integrations can read the classifications and apply policy. Common patterns: a Flow that requires extra approval when a field tagged PII is updated, an Apex trigger that logs access to Confidential-tagged fields, an integration that filters PII fields out of analytics exports. The classifications are most valuable when downstream code actually consumes them; configuration alone produces inventory but not enforcement.

Policy configuration: enabling dimensions and value sets

Data Classification Settings includes the policy configuration. Each dimension can be enabled or disabled org-wide. The value set for each dimension can be the Salesforce defaults or customized to the org's policy (a healthcare org might add HIPAA-PHI as a Compliance Categorization value). Customizing the value sets is a one-time decision aligned with the org's data governance policy; changes propagate to the per-field surface and the Download/Upload CSV schema.

Audit, governance, and the quarterly review

Data Classification is a discipline, not a one-time setup. New fields added without classification are the most common drift signal. The quarterly review: pull the Download, identify unclassified fields, follow up with field owners, upload corrections. Compliance audits frequently ask for evidence that the classification is current; the quarterly cadence produces the evidence trail. Mature regulated orgs treat the cadence as a permanent operational responsibility, not a project to complete.

§ 03

How to roll out Data Classification Settings for a regulated org

The rollout pattern: enable the dimensions, customize value sets to org policy, classify existing fields in bulk via Download/Upload, train field owners on classifying new fields, audit quarterly. The cost is real; the compliance benefit is the evidence regulators want.

  1. Coordinate with compliance on the policy

    Which dimensions to enable, which values per dimension, who owns classification per field. The policy drives every configuration choice.

  2. Open Data Classification Settings and enable the dimensions

    Setup, Data Classification Settings. Toggle on Sensitivity Level, Compliance Categorization, Data Owner per the policy.

  3. Customize value sets if needed

    Add HIPAA-PHI or industry-specific compliance categories. Customize Sensitivity Level labels if the org uses different terminology.

  4. Download the current state via Data Classification Download

    The download surfaces every field, with or without existing classification. The starting state for the bulk classification work.

  5. Classify existing fields in the CSV

    Coordinate with field owners or use defaults for low-risk fields. Update Sensitivity Level, Compliance Categorization, Data Owner per row.

  6. Upload the updated CSV via Data Classification Upload

    The Upload applies the classifications back to field metadata. No code deployment needed.

  7. Train field owners on classifying new fields

    New field creation should include classification assignment. Add to the field-creation checklist; train new admins on the requirement.

  8. Schedule the quarterly audit cycle

    Download, identify gaps, follow up, upload corrections. The cycle is the operational discipline that keeps classifications current.

Key options
Enabled dimensionsremember

Which classification dimensions are active org-wide. Drives the per-field surface and the Download/Upload CSV columns.

Value sets per dimensionremember

Salesforce defaults or org-customized values per dimension. Aligns vocabulary with org policy.

Per-field assignmentremember

Object Manager, Field, Data Classification section. The granular configuration surface.

Bulk Download/Uploadremember

The CSV-based bulk classification workflow for any scale beyond a few fields.

Downstream Flow or Apex consumptionremember

Custom logic that reads FieldDefinition classification metadata to enforce policy at runtime.

Gotchas
  • Per-field assignment is impractical past a few dozen fields. Use the bulk Download/Upload workflow for any meaningful scale.
  • Value-set customization is org-wide. Changing values affects every field already classified; coordinate with compliance before changing.
  • Classifications go stale as fields are added or repurposed. The quarterly audit is the only reliable freshness mechanism.
  • Configuration alone is inventory, not enforcement. Downstream Flow, Apex, or integration consumption is what turns classification into compliance benefit.
  • New field creation often skips classification assignment. The field-creation checklist needs to require classification or the inventory drifts immediately.
§

Trust & references

Sources

Cross-checked against the following references.

Official documentation

Straight from the source - Salesforce's reference material on Data Classification Settings.

Keep learning

Hands-on resources to go deeper on Data Classification Settings.

Was this entry helpful?
Help us write better definitions. Quick reactions or detailed edit suggestions.

About the Author

Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.

§

Test your knowledge

Q1. Can a Salesforce admin configure Data Classification Settings without writing code?

Q2. In which area of Salesforce would you typically find Data Classification Settings?

Q3. Why is understanding Data Classification Settings important for Salesforce admins?

§

Discussion

Loading…

Loading discussion…

Back to Dictionary