Make Users’ Personal Data Unusable by Salesforce at Their Request

When users no longer want their personal data recognized in Salesforce, you can permanently scramble it with the new System.UserManagement.obfuscateUser Apex method. However, be careful using this method. When you invoke the method for that user, the data becomes anonymous, and you can never recover it.

Where: This feature is available in Lightning Experience, Salesforce Classic, and in Enterprise, Performance, Unlimited, and Developer editions.

Why: For example, a departing sales rep or an external user leaving a community wants Salesforce to stop tracking their personal information. You invoke the System.UserManagement.obfuscateUser Apex method, which permanently scrambles the user’s data and replaces it with random character strings. The user’s detail page remains, but the fields contain meaningless strings of characters.

Scramble user data before and after

obfuscateUser() affects the standard fields of the user object, excluding a few fields, such as the user ID, time zone, locale, and profile.



Using this method doesn’t trigger an email change notification.

How: To enable this feature, in Setup, go to User Management Settings, and select Scramble Specific Users’ Data.

Sramble user data user management setting

Then invoke System.UserManagement.obfuscateUser through Apex triggers, processes, workflows, or the Developer Console. This method changes only the user object. The association between the user and other objects is removed, but no other objects are changed. For example, contact, ThirdPartyAccountLink (TPAL), and user password authentication (UPA) objects remain unchanged.

It is recommended that you note the user’s ID and other attributes for post processing, such as the email address, if you want to send the user a confirmation.

This feature is part of our effort to protect users’ personal data and privacy.