Data Protection

If you diverge from the default data model, ensure that proper controls are maintained.

B2C Service does not have any specific fields defined in the default data schema intended to store payment account numbers (PAN), social security numbers, or protected health information (PHI); however, there are supported methods to customize the data model. You can extend and customize the B2C Service data model to best fit your needs. Whenever you diverge from the default data model, be sure to validate that proper controls are maintained.

One method for customizing the data model is to define encrypted custom attributes in custom objects, incidents, and contacts. Custom attribute encryption masks sensitive information, such as credit card details, to enable you to adhere to the Payment Card Industry (PCI) Data Security Standards. To do this, you create the new custom attribute and encrypt it on the Service Console, see Add a Field to a Custom Object. Encrypted fields are available only in the Agent Browser User Interface (Agent Browser UI), and can be decrypted only by agents with the Allow Custom Attribute Decryption permission. See Overview of Custom Attribute Encryption.

It is important for you to know what data will be captured, how it will be used, and who should have access. In regulated environments, even though your data is stored within the Cloud Service Provider (CSP) database, it is still your responsibility to define your data classification and how you will govern your data.