In today’s data-driven landscape, strict regulations govern the storage and processing of sensitive information across various industries. Salesforce, a widely adopted platform, is no exception. This guide explores the importance of data encryption in adhering to data protection laws and outlines the encryption tools available in Salesforce to meet regulatory requirements.

Common Data Types and Applicable Regulations

Financial Data

NYCRR 500 Cybersecurity

Health Data


Personal Data Online


Encryption Tools in Salesforce

Salesforce offers several tools to encrypt data, ensuring the secure storage and processing of sensitive information:

Encrypted Text Fields (Classic Encryption)

Cost-effective method available out of the box.
Protects custom text fields with AES 128-bit keys.
Suitable for storing sensitive data like credit card information.
Salesforce Shield

Comprises Event Monitoring, Field Audit Trail, and Shield Platform Encryption.
Event Monitoring: Tracks data access, user interactions, and network details.
Field Audit Trail: Extends tracking to 10 years, tracking changes in up to 60 fields per object.
Shield Platform Encryption: Encrypts data on the database level, allowing controlled access with relevant permissions.

Protecting Data in Apex (Salesforce's Programming Language)

Apex provides a proprietary object-oriented programming language.
Apex Encryption (Crypto Class): Allows custom cryptographic functions and supports AES128, AES192, AES256 encryption algorithms.

Applicability to Salesforce Data Security Regulations
Regulation Requirements Encryption Tool Fit
Encrypted Text Fields Salesforce Shield Protecting data in Apex
NYCRR 500 NIST-compliant, 256-bit Advanced Encryption Standard (AES encryption) (up to 128 bit)
Store encryption keys apart from the encrypted financial data in a security device specifically designed for this task help1
The Key Management Interoperability Protocol (KMIP)
PCI DSS AES encryption (128 bit and higher)
PGP implemented
Keep encryption keys and data separate help1
HIPAA End-to-end encryption (E2EE)
AES encryption (128 bit and higher)
OpenPGP implemented
S/MIME implemented
GDPR End-to-end encryption (E2EE)
AES encryption (128 bit and higher)
CCPA End-to-end encryption (E2EE)
AES encryption (128 bit and higher)

Salesforce Implementation Examples

Encrypted Text Fields (Classic Encryption)

Allows the creation of custom encrypted text fields.
Supports masking options for sensitive information.

Salesforce Shield

Event Monitoring: Tracks user interactions, data access, and network details.
Field Audit Trail: Extends data tracking capabilities.
Protecting Data in Apex (Crypto Class)

Apex Encryption: Offers flexibility for custom cryptographic functions.
Supports AES128, AES192, AES256 encryption algorithms.


Salesforce, trusted by industry leaders, ensures data security and compliance across diverse sectors. By leveraging encryption tools like encrypted text fields, Salesforce Shield, and Apex Encryption, businesses can protect sensitive information and meet the stringent requirements of data protection regulations.

For inquiries on optimizing your data security with Salesforce and tailored encryption solutions, please contact us. Your data integrity and regulatory compliance are our top priorities.