The following best practices help businesses ensure data quality and integrity when using data cloud solutions:
Data Spaces
Admins use Data Spaces, a governance feature, to create logical partitions of data for unifying profiles, insights, and marketing in Data Cloud.
Categorize by segregating data, metadata, and processes along lines such as brand, region, or department. Users have to be enabled to view and work on data in the context of that categorization.
Platform Encryption
Customers have different requirements for auditing and compliance reporting; for example, some require tenant-specific encryption keys, control over key material, or improved key visibility. Platform Encryption for Data Cloud builds on Data Cloud’s robust security services by adding options for encryption key control and visibility.
Data is encrypted at rest in AWS by Salesforce-managed data encryption keys (DEKs). Platform Encryption for Data Cloud generates a Data Cloud root key in Salesforce. Data Cloud root keys are specific to the org, and they control the DEKs that encrypt and decrypt data. In this way, the chain of keys that encrypts data is controlled.
For setup, note the following:
- When Platform Encryption for Data Cloud is enabled, the first root key is generated.
- Data Cloud root keys can be periodically rotated.
- Information about Data Cloud root keys, including when they were generated and by whom, is accessible in Salesforce Setup.
Default Data Cloud Encryption without Platform Encryption
By default:
- Data Cloud uses end-to-end encryption to secure data during its transit into Data Cloud and between products within the trust boundary.
- Cloud-native disk encryption for data stored at rest is provided by Hyperforce’s infrastructure-level encryption.
- Salesforce stores infrastructure-level keys securely and rotates them regularly, as they are not tenant-specific.
Data Ethics
Adopt data ethics best practices when using Data Cloud to earn customers’ trust.
Data ethics are moral principles governing the gathering, protection, and use of personally identifiable information affecting individuals.
Use and Collect Individual Information Appropriately
Customers should be able to set preferences for how their data is used, and these preferences have to be honored. Data Cloud builds a unified customer profile to help track and honor those preferences throughout omni-channel marketing practices.
Treat Sensitive Data with Care
Some data types are very sensitive, so carefully consider whether to ask for data such as age, gender, or ethnicity. Limit the use of data to only what is needed for creating more personalized experiences for customers.
Choose Partners Carefully
Review each contract with activation partners and ensure that there are clear obligations related to the care, custody, and control of any data sent to the partner.
Data Subject Rights Request
Data Subject Rights requests must be submitted by using Individual ID as the identifying parameter. Requests must be submitted and processed separately in all the connected Salesforce clouds, including Commerce Cloud.
Consent Management
Data Cloud provides multiple methods for ingesting and storing consumers’ consent preferences.
- Ingesting Consent Preferences
Consent preferences have to be ingested using connectors from wherever they are stored. Common storage locations are data extensions (Marketing Cloud Engagement Connector), Sales or Service Cloud standard or custom objects (Salesforce CRM Connector), or external sources (Cloud Storage Connector).
- Honor “Do Not Share” and “Do Not Sell” Requests in Data Cloud
Understand and comply with the California Privacy Rights Act (CPRA) and other laws that give consumers the right to restrict the sharing of their data with, or its sale to, third parties.
- Ingest “Do Not Share” and “Do Not Sell” Data
Ingest individuals’ Do Not Share and Do Not Sell data as part of the data stream. To ensure the data is properly handled in Data Cloud, reconcile and store it in Unified Individual data model objects (DMOs).
- Filter for “Do Not Share” and “Do Not Sell” Requests
During segmentation, filter out unified individuals who have decided not to have their data shared.
When setting up the segment, create a direct attribute based on the Unified Individual DMO field in which Do Not Share or Do Not Sell data is stored. Apply this filter to all data about individuals before providing it to third parties.
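The reconcile-then-filter flow described above, sketched as an added example that is not Salesforce code or part of the original page. The field names, source names and sample rows are hypothetical, and the reconciliation rule (the most restrictive value wins, unknown values count as restricted) is an assumption rather than documented Data Cloud behavior.

```python
# Added illustration; field and source names are hypothetical, not Data Cloud's schema.
from collections import defaultdict

TRUE_VALUES = {"true", "1", "yes", "y"}
FALSE_VALUES = {"false", "0", "no", "n"}

# Constructed sample rows, as if ingested from three different connectors.
SOURCE_ROWS = [
    {"source": "crm", "unified_id": "U1", "do_not_share": "false", "do_not_sell": "false"},
    {"source": "marketing", "unified_id": "U1", "do_not_share": "TRUE", "do_not_sell": "false"},
    {"source": "crm", "unified_id": "U2", "do_not_share": "no", "do_not_sell": "no"},
    {"source": "storage", "unified_id": "U3", "do_not_share": "", "do_not_sell": "false"},
    {"source": "crm", "unified_id": "U4", "do_not_share": "false", "do_not_sell": "Yes"},
]


def parse_flag(raw):
    """Return True/False for a recognised value, None when missing or unparseable."""
    value = (raw or "").strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    return None


def reconcile(rows):
    """Collapse source rows into one consent record per unified individual.

    Assumed rule: the most restrictive value wins, and an unknown value
    counts as restricted so a parsing gap never widens sharing.
    """
    unified = defaultdict(lambda: {"do_not_share": False, "do_not_sell": False})
    for row in rows:
        record = unified[row["unified_id"]]
        for field in ("do_not_share", "do_not_sell"):
            flag = parse_flag(row.get(field))
            record[field] = record[field] or flag is not False
    return dict(unified)


def shareable_ids(unified):
    """IDs that may be passed to a third party: neither flag is set."""
    return sorted(uid for uid, rec in unified.items()
                  if not rec["do_not_share"] and not rec["do_not_sell"])


if __name__ == "__main__":
    print(shareable_ids(reconcile(SOURCE_ROWS)))
```

Only U2 passes the filter: U1 has conflicting source rows, U3 has a blank flag, and U4 opted out of sale.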