
Agentforce and PII: Protecting Sensitive Data Before AI Deployment

Agentforce reads PII hidden in Salesforce text fields. Learn how to find and remediate sensitive data before deployment to reduce compliance risk.

When Agentforce retrieves a record, everything in the fields it reads enters the AI context. That includes any personally identifiable information (PII) hiding in free-text fields, even when those fields were never meant to hold sensitive data. A Social Security Number pasted into a case comment becomes part of what the agent reads, reasons over, and can surface in a generated response.

This guide explains how PII reaches the Agentforce context, where it accumulates in Salesforce, and how to find and remediate it before go-live. It builds on two related guides: the Agentforce Preparation hub for full deployment readiness, and PII Detection for how DQS pattern matching works.

How Does PII Enter the Agentforce Context?

Agentforce agents follow a consistent flow: they retrieve Salesforce records, ground their reasoning in the field values they read, and generate a response from that context. PII enters at the retrieval step. The agent does not distinguish between a field meant for sensitive data and a free-text field where sensitive data landed by accident. It reads both.

Three sources fill text fields with PII over time:

  • Email-to-case. Incoming messages get captured into Case Description and Comments verbatim. Customers include SSNs, account numbers, and card details when they describe a problem. All of it lands in a text field.
  • Support and sales notes. Agents paste identity-verification details, payment information, and contact data into notes during a call. The note persists long after the interaction.
  • Imported and integrated data. Migrations and integrations write contact details, dates of birth, and identifiers into description and comment fields where no validation runs.

Once that data sits in a retrievable field, any agent scoped to read the object can pull it into context. The exposure exists before you deploy a single agent. Deployment turns a dormant data problem into an active one.

Where Does PII Hide in Salesforce?

PII concentrates in unstructured text fields. Structured fields (Email, Phone) contain PII by design and are governed accordingly. The risk lives in the free-text fields users treat as scratch space.

Object | High-Risk Fields | Why It Accumulates
Case | Description, Comments | Email-to-case writes customer messages verbatim
Lead | Description | Imported lists and form submissions land here
Contact | Description | Notes about verification and account details
Account | Description | Relationship notes and billing context
Task / Event | Description, Comments | Call notes capturing verification data
Opportunity | Description | Deal notes referencing payment terms
Note (Content) | Body | Free-form attachments to any record

Description and Comments fields on Case carry the highest risk because email-to-case feeds them automatically and at volume. Treat those two fields as your first priority in any scan. For the full set of where-it-hides scenarios, see PII Detection Scenarios.

Which Regulations Apply?

PII in retrievable fields can implicate the privacy and security frameworks your organization already operates under. The specifics depend on your data, your jurisdiction, and your contractual obligations, so treat the points below as a starting list to review with your compliance team, not legal advice.

  • GDPR. Principles such as data minimization and purpose limitation typically mean PII should not sit in fields beyond its intended use. An agent reading a birth date out of a description field may fall outside the purpose for which that data was collected.
  • HIPAA. Where protected health information (PHI) appears in support notes or case text, handling rules may apply to any system that processes those fields, including an AI agent.
  • PCI DSS. Card data in free-text fields typically falls under storage and handling requirements. Card numbers in Case Comments are a common and high-priority finding.

Because DQS runs entirely inside Salesforce, scanning for PII does not create a new data transfer or move data to an external service. No data leaves your org. That keeps the discovery step itself out of scope for cross-border transfer and processor concerns. Confirm the regulatory mapping for your situation with your compliance team before deployment.

How Do You Scan for PII With DQS?

DQS scans text fields with eight predefined regex patterns and reports exposure as a single metric. Detection is deterministic and transparent: you see every pattern applied, and the same input always returns the same result.

The eight patterns cover four categories:

Category | Patterns
Financial | Social Security Number, Credit Card Number, IBAN
Contact | Email Address, US Phone Number, International Phone
Technical | IP Address
Identity | Date of Birth

Configure scans with three controls:

  • Presets. The Critical preset activates SSN and Credit Card only. Use it for a fast financial-PII check with near-zero false positives. The Standard preset adds Email and US Phone. The Extended preset runs all eight.
  • Per-field overrides. Apply different pattern sets to different fields. Scan an Email field for SSN and Credit Card only, since email matches there are expected. Scan Description and Comments with the full Extended set, since any PII type can appear.
  • PII Exposure Rate. This is the headline metric: the percentage of scanned records containing at least one pattern match. Pair it with the Records with PII count to scope your cleanup.

Build a definition for each high-risk object in the Definition Builder, point it at the Description and Comments fields, and run the Critical preset first to isolate financial PII. Then run Extended for a complete inventory.
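The following Python script is an added example of how a preset-driven, per-field scan like the one described above can be modelled and checked; it is not DQS code, and the eight regexes, the field names, and the Case records it scans are all constructed for the illustration. It shows why the SuppliedEmail override matters: without it, every record with a sender address counts toward the PII Exposure Rate.

```python
import re

# Illustrative regexes for the eight pattern categories. These are assumptions
# written for this example; they are not the patterns DQS ships.
PATTERNS = {
    "Social Security Number": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "Credit Card Number": re.compile(r"\b(?:\d[ -]?){13,18}\d\b"),
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,4})?\b"),
    "Email Address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "US Phone Number": re.compile(r"\(?\b\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"),
    "International Phone": re.compile(r"\+\d{1,3}[ -]?\d{2,4}(?:[ -]?\d{2,4}){2,3}\b"),
    "IP Address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "Date of Birth": re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
}

# Presets as the article describes them: Critical is financial only, Standard
# adds Email and US Phone, Extended runs all eight.
PRESETS = {
    "Critical": ["Social Security Number", "Credit Card Number"],
    "Standard": ["Social Security Number", "Credit Card Number", "Email Address", "US Phone Number"],
    "Extended": list(PATTERNS),
}

# Constructed Case records. SuppliedEmail is an expected-content field: an email
# match there is normal and should not count toward exposure.
CASES = [
    {"Id": "c1", "SuppliedEmail": "u1@example.com",
     "Description": "Customer locked out. Verified identity with SSN 123-45-6789 over the phone.",
     "Comments": "Callback requested at 555-867-5309."},
    {"Id": "c2", "SuppliedEmail": "u2@example.com",
     "Description": "Forwarded from jane.doe@example.com: the charge was duplicated.",
     "Comments": "Customer gave card 4111 1111 1111 1111 to reprocess."},
    {"Id": "c3", "SuppliedEmail": "u3@example.com",
     "Description": "Printer driver crash after update. Resolved by reinstall.",
     "Comments": ""},
    {"Id": "c4", "SuppliedEmail": "u4@example.com",
     "Description": "Account ownership change request.",
     "Comments": "Verified DOB 03/14/1985 against the record."},
    {"Id": "c5", "SuppliedEmail": "u5@example.com",
     "Description": "Customer wrote from sam.lee@example.org about invoice totals.",
     "Comments": "No further notes."},
]


def field_plan(fields, preset, overrides=None):
    """Map each field to the pattern names to apply: the preset by default,
    replaced per field by any override (the article's per-field overrides)."""
    plan = {f: list(PRESETS[preset]) for f in fields}
    plan.update(overrides or {})
    return plan


def scan_records(records, plan):
    """Apply the plan to every record. Returns a summary in the article's terms
    (Records with PII, PII Exposure Rate) plus the individual matches for review."""
    matches = []
    records_with_pii = 0
    for rec in records:
        hit = False
        for fname, names in plan.items():
            text = rec.get(fname) or ""
            for name in names:
                for m in PATTERNS[name].finditer(text):
                    matches.append((rec["Id"], fname, name, m.group()))
                    hit = True
        records_with_pii += hit
    total = len(records)
    rate = round(100.0 * records_with_pii / total, 2) if total else 0.0
    return {"scanned": total, "records_with_pii": records_with_pii, "pii_exposure_rate": rate}, matches


if __name__ == "__main__":
    text_fields = ["Description", "Comments", "SuppliedEmail"]
    for preset in PRESETS:
        summary, _ = scan_records(CASES, field_plan(text_fields, preset,
                                  overrides={"SuppliedEmail": PRESETS["Critical"]}))
        print(preset, summary)
    naive, _ = scan_records(CASES, field_plan(text_fields, "Extended"))
    print("Extended without the SuppliedEmail override:", naive)
```

On these five records the Critical preset reports a 40% exposure rate (the SSN and the card number), Extended reports 80%, and Extended applied naively to SuppliedEmail as well reports 100%, which is the inflation the per-field override exists to prevent.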

What Does the Remediation Playbook Look Like?

A PII scan produces a list of matches. Remediation turns that list into resolved findings. Work through it in order.

  1. Review the matches. Some patterns carry false-positive risk. Date of Birth matches any US-formatted date, and Credit Card can match long order numbers. Confirm each match before treating it as PII. Use the pattern category to triage: Financial findings come first.
  2. Decide the action per field. For each confirmed finding, choose one of three responses:
    • Mask. Replace the sensitive value while keeping the surrounding text usable for the agent.
    • Delete. Remove the value where it serves no business purpose.
    • Exclude the field from agent scope. Where a field reliably holds PII the agent does not need, remove it from the agent’s retrieval scope so the data never enters context.
  3. Rerun to validate. After remediation, run the same scan again. Compare PII Exposure Rate against your pre-remediation baseline. The number confirms cleanup worked. For a structured cleanup sequence across all dimensions, follow the Salesforce Data Cleanup for Agentforce guide.

Excluding a field from agent scope is the fastest control when a field has no AI value. Masking and deletion address fields the agent still needs to read.
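The three playbook steps, written out as an added Python example (not DQS code or the page's own). It confirms Credit Card candidates with a Luhn check to drop the order-number false positives mentioned in step 1, applies mask, delete or exclude per field in step 2, and reruns the exposure calculation in step 3. The two regexes, the action names and the Case records are assumptions constructed for the illustration.

```python
import re

# Illustrative regexes for the two Critical-preset categories; assumptions for
# this example, not DQS's own patterns.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")
FIELDS = ["Description", "Comments"]

# Constructed Case records: c1 holds real findings, c2 holds a 16-digit order
# number that the card regex flags but that is not a card.
CASES = [
    {"Id": "c1", "Description": "Identity verified with SSN 123-45-6789 before password reset.",
     "Comments": "Customer read card 4111 1111 1111 1111 over the phone."},
    {"Id": "c2", "Description": "Refund for order 1234567890123456 still pending.",
     "Comments": "Ship replacement to warehouse B."},
    {"Id": "c3", "Description": "Printer driver crash after update.", "Comments": ""},
]


def luhn_ok(candidate):
    """Luhn checksum. Real card numbers pass; most order numbers that merely look
    like card numbers do not, which automates part of the manual review step."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find(text, confirm=True):
    """Step 1, review the matches. Returns (kind, value, start, end) tuples.
    With confirm=True, card candidates must pass Luhn before they count."""
    found = [("Social Security Number", m.group(), m.start(), m.end()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if not confirm or luhn_ok(m.group()):
            found.append(("Credit Card Number", m.group(), m.start(), m.end()))
    return found


def scrub(text, remove=False):
    """Mask (default) or delete confirmed values. Masking keeps the sentence
    readable for the agent; a masked card keeps only its last four digits."""
    out = text
    # Replace from the end of the string so earlier offsets stay valid.
    for kind, value, start, end in sorted(find(text), key=lambda f: f[2], reverse=True):
        if remove:
            repl = ""
        elif kind == "Credit Card Number":
            repl = "[CARD ****" + re.sub(r"\D", "", value)[-4:] + "]"
        else:
            repl = "[SSN REDACTED]"
        out = out[:start] + repl + out[end:]
    return " ".join(out.split()) if remove else out


def remediate(record, actions):
    """Step 2, decide the action per field: 'mask', 'delete' or 'exclude'.
    Returns the record as the agent will retrieve it."""
    out = dict(record)
    for fname, action in actions.items():
        if action == "exclude":
            out.pop(fname, None)  # the field never enters the agent context
        elif action == "delete":
            out[fname] = scrub(out.get(fname, ""), remove=True)
        elif action == "mask":
            out[fname] = scrub(out.get(fname, ""))
    return out


def exposure_rate(records, fields, confirm=True):
    """Step 3, rerun to validate: percentage of records with at least one finding."""
    flagged = sum(1 for r in records if any(find(r.get(f, ""), confirm) for f in fields))
    return round(100.0 * flagged / len(records), 2) if records else 0.0


if __name__ == "__main__":
    print("raw regex exposure:", exposure_rate(CASES, FIELDS, confirm=False))
    print("confirmed exposure:", exposure_rate(CASES, FIELDS))
    cleaned = [remediate(r, {"Description": "mask", "Comments": "mask"}) for r in CASES]
    print("after remediation:", exposure_rate(cleaned, FIELDS))
    print(cleaned[0])
```

The raw regex pass flags two of three records (66.67%); confirming card candidates with Luhn drops the order number and leaves one (33.33%); masking both fields brings the rerun to 0%, which is the before/after comparison step 3 asks for.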

Pre-Deployment PII Safety Targets

Hold deployment until your data meets these targets on every text field Agentforce will access:

  • PII Exposure Rate below 1% on text fields in agent scope.
  • Zero SSN matches on Case Description and Comments.
  • Zero credit card matches on Case Description and Comments.
  • Per-field overrides configured for expected-content fields so Email and Phone fields do not inflate the rate.

These thresholds come from the Agentforce Data Readiness Checklist. Get compliance team sign-off against them before go-live, and test agent responses on remediated data to confirm no PII appears in generated content.

How Do You Keep PII Out After Go-Live?

PII exposure is not a one-time cleanup. Email-to-case keeps writing customer messages into Case fields, and users keep pasting verification details into notes. A clean dataset accumulates new exposure within weeks.

Schedule recurring scans to catch regression early:

Scan | Frequency | Objects
PII Detection (Critical preset) | Weekly | Cases, Leads (high-volume text fields)
PII Detection (Extended preset) | Monthly | All objects in agent scope

Track PII Exposure Rate over time so a rising trend triggers review before it reaches your agents. Weekly scans on Case and Lead cover the fields where new PII lands fastest. Assign ownership for reviewing findings so the scan results turn into action.
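As an added Python example (not DQS code or the page's own), the safety targets above and the recurring-scan review can both be expressed as checks over scan results: a release gate that lists every unmet target, and a regression monitor over the weekly exposure history that flags a breach or a rising trend before it reaches the 1% target. The scan-result layout, the field names such as Contact.Phone, the three-scan window and the sample history are assumptions constructed for the illustration.

```python
# Thresholds taken from the article's pre-deployment targets; the field and
# pattern names are constructed for this example.
MAX_EXPOSURE_RATE = 1.0
ZERO_TOLERANCE_FIELDS = {"Case.Description", "Case.Comments"}
ZERO_TOLERANCE_PATTERNS = {"Social Security Number", "Credit Card Number"}
EXPECTED_CONTENT_FIELDS = ["Contact.Email", "Contact.Phone"]


def check_release_gate(scan, expected_content_fields=EXPECTED_CONTENT_FIELDS):
    """scan: {'exposure_rate': float, 'matches': [(field, pattern, count), ...],
    'field_overrides': {field: [pattern names]}}. Returns the list of unmet
    targets; an empty list means the data is ready for go-live."""
    failures = []
    if scan["exposure_rate"] >= MAX_EXPOSURE_RATE:
        failures.append(f"PII Exposure Rate {scan['exposure_rate']}% is not below {MAX_EXPOSURE_RATE}%")
    for field, pattern, count in scan["matches"]:
        if field in ZERO_TOLERANCE_FIELDS and pattern in ZERO_TOLERANCE_PATTERNS and count:
            failures.append(f"{count} {pattern} match(es) on {field}; target is zero")
    for field in expected_content_fields:
        if field not in scan.get("field_overrides", {}):
            failures.append(f"no per-field override on {field}; expected matches will inflate the rate")
    return failures


def detect_regression(history, window=3):
    """history: [(scan_date, exposure_rate), ...] oldest first. Flags a breach of
    the target and a rate that rose on each of the last `window` scans, so review
    starts while the rate is still below the target."""
    reasons = []
    rates = [r for _, r in history]
    if rates and rates[-1] >= MAX_EXPOSURE_RATE:
        reasons.append(f"latest rate {rates[-1]}% breaches the {MAX_EXPOSURE_RATE}% target")
    tail = rates[-window:]
    if len(tail) == window and all(a < b for a, b in zip(tail, tail[1:])):
        reasons.append("rate rose on each of the last %d scans: %s"
                       % (window, " -> ".join(f"{r}%" for r in tail)))
    return reasons


# Constructed results: one pre-deployment scan and five weekly Critical-preset scans.
GATE_SCAN = {
    "exposure_rate": 0.6,
    "matches": [("Case.Description", "Social Security Number", 2),
                ("Lead.Description", "Email Address", 14)],
    "field_overrides": {"Contact.Email": ["Social Security Number", "Credit Card Number"]},
}
WEEKLY_CRITICAL = [("2024-01-08", 0.4), ("2024-01-15", 0.3), ("2024-01-22", 0.5),
                   ("2024-01-29", 0.7), ("2024-02-05", 0.9)]

if __name__ == "__main__":
    for f in check_release_gate(GATE_SCAN):
        print("gate:", f)
    for r in detect_regression(WEEKLY_CRITICAL):
        print("trend:", r)
```

The sample gate scan fails on two targets (SSN matches on Case.Description, and no override on Contact.Phone) even though its 0.6% rate is under the threshold; the sample history never breaches 1% but is flagged because the rate has climbed for three consecutive weeks.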

Undetected PII is one of the most common reasons agents produce non-compliant output. For the broader failure patterns, see Why Agentforce Agents Fail.

Next Steps