Critical Update: Encrypted Data Is Visible to Authenticated Users

Encrypted data is visible onscreen—that is, it’s not hidden by masking characters—when you activate this critical update. To hide data from unauthorized users, you must use field-level and object-level security, regardless of whether the data is encrypted. The View Encrypted Data permission is not available. This change applies to Lightning Experience, Salesforce Classic, and all versions of the Salesforce1 mobile app.

This update gives you a more consistent experience for users when they access encrypted data, and reduces confusion between data that’s masked and data that’s encrypted.

Some organizations don't have to do anything to get this change.

  • Beginning with Spring ’17, View Encrypted Data is automatically decoupled from masking when you generate your first tenant secret.
  • If you started generating tenant secrets before Spring ’17, you must activate this critical update.

The View Encrypted Data permission still applies to Classic Encryption.