Insecure PII Storage

This lab covers how personal data can be exposed in Salesforce implementations and how to enforce encryption, minimization, access controls, and compliance-ready handling patterns.

Executive Summary

Insecure PII storage occurs when sensitive personal information is stored or exposed without adequate protections. In Salesforce, risk is driven by weak field protections, broad data access, and insufficient lifecycle controls for regulated data.

Salesforce Attack Surface

  • Unencrypted custom fields containing regulated identifiers
  • Broad profile/permission-set access to sensitive fields
  • PII copied into logs, exports, and integration payloads
  • Reports and list views exposing unnecessary personal data
  • Backup and archival paths without equivalent protection controls

Business Impact

  • Privacy harm: identity theft and user trust erosion
  • Regulatory violations: GDPR, CCPA, HIPAA, PCI-related exposures
  • Legal and financial penalties: remediation and notification costs
  • Operational disruption: incident response and audit intervention

PoC Use Cases

// Vulnerable pattern: plain-text sensitive field
// SSN__c is an ordinary Text field with no platform encryption, so the value is
// stored in clear and readable by every profile granted field-level security on it.
Contact c = new Contact();
c.SSN__c = '123-45-6789';
insert c;

// Vulnerable pattern: unrestricted query of sensitive attributes
// Apex runs in system mode: without WITH USER_MODE or Security.stripInaccessible,
// this returns SSN__c and DOB__c regardless of the running user's field-level security.
List<Contact> rows = [SELECT Id, Name, SSN__c, DOB__c FROM Contact];

Confirm exploitability by demonstrating unauthorized retrieval of data that should be restricted or masked.

Testing Methodology

  • Classify PII fields and map storage and exposure points
  • Test encryption-at-rest and transport controls for relevant flows
  • Validate FLS, sharing, and report visibility boundaries
  • Assess masking behavior in UI, logs, exports, and integrations
  • Document compliance gaps and exploitability evidence

Secure Engineering Patterns

  • Use Salesforce encryption capabilities for regulated fields
  • Apply strict FLS and least-privilege profile design
  • Mask sensitive data in UI and operational tooling
  • Minimize collection and retention of personal data
  • Audit access and define incident-ready monitoring controls
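
The following Apex class is an added example for this lab (not code from the original lab or from Salesforce) showing the read and write side of the patterns above: record sharing via "with sharing", field-level security enforced in code with Security.stripInaccessible (Apex does not enforce FLS on its own), and a masked view object so that UI and logging code never handle the raw SSN__c value. It assumes the custom field SSN__c from the PoC exists on Contact; the class name, the ContactView type and the maskSsn helper are this example's own choices.

```apex
// Added example: FLS-aware read and write of Contact PII with masked output.
// Assumes Contact.SSN__c (custom Text field) exists, as in the lab's PoC.
public with sharing class PiiSafeContactService {

    // Custom exception thrown when a write would touch a field the user may not set.
    public class PiiAccessException extends Exception {}

    // Masked view handed to callers instead of the raw Contact record.
    public class ContactView {
        public Id contactId;
        public String name;
        public Boolean ssnVisible;   // false when the running user lacks FLS on SSN__c
        public String ssnMasked;     // '***-**-6789' style, never the full value
    }

    // Read contacts and return masked views. The query itself runs in system mode,
    // so stripInaccessible is what removes SSN__c for users without read FLS.
    public static List<ContactView> readMasked(Set<Id> contactIds) {
        List<Contact> rows = [
            SELECT Id, Name, SSN__c
            FROM Contact
            WHERE Id IN :contactIds
        ];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);

        List<ContactView> views = new List<ContactView>();
        for (SObject s : decision.getRecords()) {
            Contact c = (Contact) s;
            ContactView v = new ContactView();
            v.contactId = c.Id;
            v.name = c.Name;
            // isSet() is true only if the field survived stripping; reading an
            // unset field on a stripped record would throw SObjectException.
            v.ssnVisible = c.isSet('SSN__c');
            v.ssnMasked = v.ssnVisible ? maskSsn(c.SSN__c) : '';
            views.add(v);
        }
        return views;
    }

    // Create a contact, failing closed if the user may not set SSN__c rather
    // than silently dropping the value or writing it in system mode.
    public static Id createWithFlsCheck(Contact c) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.CREATABLE, new List<Contact>{ c });
        Set<String> removed = decision.getRemovedFields().get('Contact');
        if (removed != null && removed.contains('SSN__c')) {
            throw new PiiAccessException('Running user may not set Contact.SSN__c');
        }
        Contact safe = (Contact) decision.getRecords()[0];
        insert safe;
        return safe.Id;
    }

    // Masking helper for UI, debug logs and exports: keeps only the last four digits.
    @TestVisible
    private static String maskSsn(String ssn) {
        if (String.isBlank(ssn)) {
            return '';
        }
        String digits = ssn.replaceAll('[^0-9]', '');
        if (digits.length() < 4) {
            return '***-**-****';
        }
        return '***-**-' + digits.right(4);
    }
}
```

Encryption at rest is not something this class does: that is configured in Setup, either by enabling Shield Platform Encryption on the field or by using the Text (Encrypted) field type, and the code above is written so that it works the same way whether or not the field is encrypted. The important design point is that callers only ever receive ContactView, so a developer who later adds System.debug or an export on the result cannot leak the full identifier.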

Verification Checklist

  • All sensitive fields have defined protection and retention policy
  • Unauthorized profiles cannot view or export protected data
  • Masking and redaction work across UI and operational logs
  • Encryption and key-management controls are validated in practice
  • Compliance evidence supports audit and review requirements

Lab Exercises

This lab includes hands-on exercises to practice identifying and fixing insecure PII handling in Salesforce data models and workflows:

  • Exercise 1: Identify high-risk PII storage locations
  • Exercise 2: Apply encryption and access restrictions
  • Exercise 3: Implement masking and safe display behavior
  • Exercise 4: Validate restricted access using test personas
  • Exercise 5: Produce compliance-oriented verification evidence
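
The Apex test class below is an added example for Exercise 4 (not part of the original lab) showing how to verify a restricted persona in code: it creates a user on a low-privilege profile, switches context with System.runAs, and asserts that SSN__c is neither readable nor creatable and that Security.stripInaccessible removes it. It assumes a profile named 'Minimum Access - Salesforce' exists with no field permission on Contact.SSN__c; substitute the lab's own restricted persona profile if it differs. The class name, user values and assertion messages are this example's own.

```apex
// Added example: persona-based verification that Contact.SSN__c is protected.
// Assumes the profile 'Minimum Access - Salesforce' has no FLS on SSN__c (placeholder persona).
@IsTest
private class PiiRestrictedPersonaTest {

    // Build a user on the restricted profile. All field values are constructed
    // test data; the timestamp keeps the username unique across test runs.
    private static User makeRestrictedUser() {
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Minimum Access - Salesforce' LIMIT 1];
        String uniq = String.valueOf(DateTime.now().getTime());
        return new User(
            ProfileId = p.Id,
            LastName = 'Persona',
            Alias = 'persona',
            Email = 'persona@example.com',
            Username = 'persona.' + uniq + '@example.com',
            EmailEncodingKey = 'UTF-8',
            LanguageLocaleKey = 'en_US',
            LocaleSidKey = 'en_US',
            TimeZoneSidKey = 'America/Los_Angeles'
        );
    }

    @IsTest
    static void restrictedPersonaCannotReadOrWriteSsn() {
        User restricted = makeRestrictedUser();
        insert restricted;

        System.runAs(restricted) {
            // Describe results reflect the running user's field-level security.
            Schema.DescribeFieldResult ssn = Schema.SObjectType.Contact.fields.SSN__c;
            System.assertEquals(false, ssn.isAccessible(),
                'SSN__c must not be readable by the restricted persona');
            System.assertEquals(false, ssn.isCreateable(),
                'SSN__c must not be creatable by the restricted persona');

            // stripInaccessible must drop the field before a record reaches callers.
            Contact c = new Contact(LastName = 'Doe', SSN__c = '123-45-6789'); // constructed value
            SObjectAccessDecision d =
                Security.stripInaccessible(AccessType.READABLE, new List<Contact>{ c });
            Set<String> removed = d.getRemovedFields().get('Contact');
            System.assert(removed != null && removed.contains('SSN__c'),
                'SSN__c should be listed among removed fields');
            System.assertEquals(false, d.getRecords()[0].isSet('SSN__c'),
                'Stripped record must not carry SSN__c');
        }
    }
}
```

Run the test for each persona the lab defines (restricted, standard, and an admin-style profile that is expected to pass) and keep the test results as part of the verification evidence for Exercise 5. Note that System.runAs enforces record sharing and makes describe and stripInaccessible reflect the persona's permissions, but it does not make plain SOQL or DML inside the block enforce FLS, which is exactly why the checks above are needed in application code.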