Data Classification Settings
Data Classification Settings is a Setup page where administrators enable and configure the data classification framework for the org.
Definition
Data Classification Settings is a Setup page where administrators enable and configure the data classification framework for the org. This framework allows organizations to tag fields with sensitivity levels (such as Public, Internal, Confidential, Restricted), compliance categories (GDPR, HIPAA, PCI), and data ownership information.
In plain English
“Here's a simple way to think about it: Data Classification Settings turns privacy from a guess into a property of the schema. Compliance Category, Data Sensitivity Level, Data Owner - every field can carry these as first-class metadata.”
Worked example
The admin at Apex Dynamics enables Data Classification Settings and configures the default sensitivity level to "Internal" for all new custom fields. She then sets up compliance categories for GDPR and CCPA, making it mandatory for developers to classify every new field they create, ensuring the org maintains a clear inventory of sensitive data.
Why Data Classification Settings turn privacy from a guess into a property of the schema
Before Data Classification Settings, the answer to "is this field sensitive?" lived in spreadsheets, in tribal knowledge, and in the names admins gave their fields. Now it lives on the field itself. Once the framework is enabled here, every field can carry a Compliance Category (GDPR, HIPAA, PCI…), a Data Sensitivity Level (Public through Restricted), a Data Owner, and a free-text business rationale - surfacing in setup, in API responses, and in audit reports.
The reason this is foundational and not optional is that downstream privacy tooling depends on it. Shield Event Monitoring filters, Field Audit Trail policies, Data Detect, and most third-party privacy tools all read these classifications to decide what to watch and what to alert on. Configure the framework early, define the categories that match your regulatory environment, and build the habit of classifying fields at creation rather than retrofitting later.
How to set up Data Classification Settings
Data Classification Settings let you tag fields with metadata — Compliance Categorization (PII / PHI / GDPR), Sensitivity Level, Data Owner, Field Usage. The classification is metadata only — it doesn't enforce anything by itself, but feeds into reports and data-protection workflows.
- Open Setup → Data Classification Settings
Setup gear → Quick Find: Data Classification → Data Classification Settings.
- Configure the classification picklist values
Default values exist; you can customize for your org's compliance regime (HIPAA, GDPR, PCI, internal taxonomy).
- Open Object Manager → object → Fields & Relationships → field
On any field's detail page, scroll to the Classification section.
- Set Compliance Categorization, Data Sensitivity Level, Data Owner, Field Usage
Per-field metadata. Multi-pick where applicable.
- Save
Classification metadata is committed. Reports on Data Classification Field Usage can now surface what's tagged where.
- For bulk classification: use the Field Audit Trail or Data Loader
Manual per-field classification is slow on a 1000-field org. Bulk via the API or Data Loader is faster.
PII / PHI / GDPR / PCI / etc. Customizable picklist.
Public / Internal / Confidential / Restricted. Customizable.
Lookup to User. Who's responsible for this field's data?
Active / Deprecated. Track field lifecycle.
- Data Classification is metadata only. It doesn't enforce field-level security or block access — that's still done via Profiles and Permission Sets. Classification informs governance, not enforcement.
- The default classification picklists may not match your compliance regime. Customize them upfront — changing values later requires re-classifying every tagged field.
- Without bulk-tagging tools, classifying thousands of fields is a months-long effort. Use the API to script bulk updates rather than clicking field-by-field.
How organizations use Data Classification Settings
Enabled framework early; new field creation requires classification.
Field Audit Trail policies driven by classification; high-sensitivity fields tracked automatically.
Test your knowledge
Q1. Can a Salesforce admin configure Data Classification Settings without writing code?
Q2. In which area of Salesforce would you typically find Data Classification Settings?
Q3. Why is understanding Data Classification Settings important for Salesforce admins?
Discussion
Loading discussion…