What These Scenarios Cover
This page walks through three real-world configurations of DQS PII detection. Each scenario covers a specific scanning need, shows the exact settings to use, and explains how to read the results.
These walkthroughs build on the concepts from the main PII Detection article. Read that first if you are new to PII detection patterns, presets, or the diagnostic flow.
Scenario 1: Pre-AI Audit on Case Comments
The Business Context
Your company is rolling out Agentforce on the Service Cloud. Before connecting Case data to AI, the compliance team requires a PII exposure report. You need to scan Case free-text fields (Description, Internal Comments) to know whether PII is present and how widespread it is.
Configuration
Use the Standard preset with PII Detection Analysis mode. This gives you both metrics: the count and the exposure rate.
| Setting | Value | Why |
|---|---|---|
| Preset | Standard (SSN, Credit Card, Email, US Phone) | Covers the four most common PII types without noise from high-FP patterns |
| Analysis Mode | PII Detection Analysis | You need both Records with PII (count) and PII Exposure Rate (percentage) for the compliance report |
| Fields | Description (LongTextArea), Internal_Comments__c (LongTextArea) | Free-text fields where agents paste customer communications |
Sample Results (for Description field)
| Metric | Value |
|---|---|
| Records with PII | 1,247 |
| PII Exposure Rate | 15.6% |
Total Case records scanned: 8,000.
Reading the Results
Start with PII Exposure Rate: 15.6%. Roughly 1 in 6 Case descriptions contains PII. This is above any reasonable threshold for AI processing.
Records with PII gives the cleanup scope: 1,247 cases need review. This number tells the compliance team how large the remediation effort is.
The Standard preset scans for SSN, Credit Card, Email, and US Phone. High matches on a Description field likely come from email addresses (agents pasting customer emails) and phone numbers (callback details). SSN and credit card matches are the compliance-critical findings.
To break down the exposure by PII type, run separate scans with individual patterns enabled. First, scan with only SSN + Credit Card (the Critical preset) to isolate the high-severity findings. Then compare against the full Standard scan to see how much of the exposure is contact information vs. financial PII.
Next Action
Present the compliance team with two numbers: 1,247 records affected, 15.6% exposure rate. If the SSN/credit card subset is non-zero, those records need remediation before AI deployment. The email and phone matches need a policy decision: are those PII types acceptable in the AI context, or do they also need masking?
Scenario 2: Financial Compliance Quick Check on Leads
The Business Context
Your data team is migrating 50,000 Lead records to a new marketing automation platform. The vendor’s DPA (Data Processing Agreement) prohibits transferring SSNs or credit card numbers. You need a fast yes/no answer: does the Lead data contain financial PII?
Configuration
Use the Critical preset with PII Scan mode. Two patterns, fast scan, count-only output.
| Setting | Value | Why |
|---|---|---|
| Preset | Critical (SSN, Credit Card) | Only two patterns. Minimum scan for financial PII. Near-zero false positive rate. |
| Analysis Mode | PII Scan | You need a count, not a percentage. Fast scan for a go/no-go decision. |
| Fields | Description (LongTextArea), Notes__c (TextArea), Company (String) | Free-text fields where financial PII can appear |
Sample Results (for Description field)
| Metric | Value |
|---|---|
| Records with PII | 23 |
Total Lead records scanned: 50,000.
Reading the Results
23 records out of 50,000. The SSN pattern (NNN-NN-NNNN) and credit card pattern (13-16 digit sequences) found matches in 23 Lead descriptions.
This is a small number, but for a migration governed by a DPA, even one record matters. These 23 records need manual review before export.
Some matches are likely false positives, especially from the credit card pattern. Long numeric sequences in Lead descriptions (tracking numbers, invoice IDs) can trigger the 13-16 digit regex. Review the 23 records to separate confirmed PII from false matches.
If the Notes__c and Company fields also show matches, add those to the review list. The Company field (String type) is short text, so false positives from the credit card pattern are less likely but still possible.
Next Action
Pull the 23 records for manual review. Confirm which are actual SSNs or credit card numbers vs. false positives. Remediate confirmed PII: delete, mask, or exclude from export. Rerun the scan after remediation to verify zero matches. Document the clean scan result for the vendor’s DPA compliance file.
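One way to pre-sort the flagged Lead records before manual review, as an added example that is not part of DQS or of the original article: a Luhn checksum separates plausible card numbers from tracking numbers and invoice IDs, and SSA issuance rules rule out impossible SSNs. The two regexes are assumed stand-ins for the Critical patterns, and the sample records are constructed.

```python
import re

# Assumed stand-ins for the two Critical patterns; DQS's own regexes are not shown here.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")  # 13-16 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: real card numbers pass, about 9 in 10 arbitrary digit runs fail."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """The SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def triage(text):
    """Return (kind, verdict) for each Critical-pattern match in one field value."""
    out = []
    for m in SSN_RE.finditer(text or ""):
        out.append(("ssn", "review" if ssn_plausible(*m.groups()) else "likely_false_positive"))
    for m in CARD_RE.finditer(text or ""):
        digits = re.sub(r"\D", "", m.group())
        out.append(("card", "review" if luhn_ok(digits) else "likely_false_positive"))
    return out

def review_queue(records):
    """Ids of records with at least one match that survives the validity checks."""
    return [rid for rid, text in records.items()
            if any(verdict == "review" for _, verdict in triage(text))]

# Constructed sample Lead descriptions (not real data).
SAMPLE = {
    "L-001": "Paid deposit with 4111 1111 1111 1111, call back Monday",
    "L-002": "Shipment tracking 1234567890123456 delayed",
    "L-003": "SSN on file 123-45-6789",
    "L-004": "Ref 987-65-4321 from old system",
    "L-005": "Interested in enterprise plan",
}

if __name__ == "__main__":
    print(review_queue(SAMPLE))
```

A "review" verdict only means the value is structurally valid; a person still confirms it before remediation, and a "likely_false_positive" verdict should be spot-checked rather than trusted blindly.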
Scenario 3: Per-Field Override Strategy for a Support Org
The Business Context
Your support org has 6 text fields across Case and Contact objects. Each field has different PII risk characteristics. A single global pattern set produces too many false positives on some fields and misses risk on others. You need field-specific pattern configurations.
Configuration
Start with a global baseline, then override per field.
Global configuration:
| Setting | Value | Why |
|---|---|---|
| Preset | Standard (SSN, Credit Card, Email, US Phone) | Reasonable default for most fields |
| Analysis Mode | PII Detection Analysis | Exposure rates needed for the quarterly governance report |
Per-field overrides:
| Field | Object | Type | Override Patterns | Rationale |
|---|---|---|---|---|
| Email | Contact | Email | SSN, Credit Card only | The Email field contains email addresses by design. Scanning for the email pattern produces 100% matches. Only scan for financial PII that does not belong in this field. |
| Description | Case | LongTextArea | Extended (all 8) | Free text where anything can appear. Agents paste full customer communications. Use the widest net. |
| Subject | Case | String | Critical (SSN, Credit Card) | Short text field. High false-positive risk for patterns like DOB. Only scan for the two highest-severity types. |
| Internal_Comments__c | Case | LongTextArea | Standard (4 patterns) | Keep the global default. Internal comments have moderate PII risk. |
| Phone | Contact | Phone | SSN, Credit Card only | The Phone field contains phone numbers by design. Same logic as Email: only scan for PII types that do not belong. |
| Notes__c | Contact | TextArea | Standard + IP Address | Notes field gets the default plus IP Address. Support contacts sometimes include server/network information in notes. |
Sample Results
| Field | Records with PII | PII Exposure Rate |
|---|---|---|
| Email (Contact) | 3 | 0.04% |
| Description (Case) | 1,847 | 23.1% |
| Subject (Case) | 0 | n/a |
| Internal_Comments__c (Case) | 412 | 5.2% |
| Phone (Contact) | 0 | n/a |
| Notes__c (Contact) | 89 | 2.8% |
Reading the Results
Email field: 3 records, 0.04%. Three Contact email fields contain something matching the SSN or credit card pattern. This is unexpected and worth investigating. Likely a data entry error where someone put an SSN in the email field.
Description field: 1,847 records, 23.1%. Nearly a quarter of Case descriptions contain PII. The Extended preset catches everything. The high count is expected on a free-text field where agents paste customer communications. This field is your highest-priority target for remediation.
Subject field: 0 records. Clean. The Critical preset on a short text field produces zero noise.
Internal Comments: 412 records, 5.2%. Moderate exposure. The Standard preset catches the common patterns without the noise of DOB false positives. 412 records is a manageable review scope.
Phone field: 0 records. Clean. No SSNs or credit cards in the phone field.
Notes field: 89 records, 2.8%. Low exposure. The IP Address pattern addition caught some matches in the notes. Review whether these are actual IP addresses from server configurations pasted by support staff.
Next Action
Focus remediation on the Description field first (highest exposure). Use the per-field results to prioritize: Description (23.1%) > Internal Comments (5.2%) > Notes (2.8%) > Email (0.04%). The Subject and Phone fields are clean.
Run this scan quarterly. The per-field overrides stay in place, so each subsequent scan uses the same targeted configuration.
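The per-field override logic from this scenario, as an added example that is not DQS code: a global Standard preset, overrides taken from the table above, and the two metrics computed per field. The regexes are assumed stand-ins for the DQS patterns, the contact records are constructed, and the Description override is omitted because the page does not list all eight Extended patterns.

```python
import re

# Assumed regexes standing in for DQS patterns (the product's own are not shown here).
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "Credit Card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "Email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "US Phone": re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b"),
    "IP Address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
PRESETS = {
    "Critical": ["SSN", "Credit Card"],
    "Standard": ["SSN", "Credit Card", "Email", "US Phone"],
}
GLOBAL_PRESET = "Standard"
# Overrides from the Scenario 3 table, keyed by (object, field).
OVERRIDES = {
    ("Contact", "Email"): PRESETS["Critical"],
    ("Contact", "Phone"): PRESETS["Critical"],
    ("Case", "Subject"): PRESETS["Critical"],
    ("Contact", "Notes__c"): PRESETS["Standard"] + ["IP Address"],
}

def patterns_for(obj, field, use_overrides=True):
    """Field override if one exists, otherwise the global preset."""
    if use_overrides and (obj, field) in OVERRIDES:
        return OVERRIDES[(obj, field)]
    return PRESETS[GLOBAL_PRESET]

def scan(records, obj, field, use_overrides=True):
    """Return (Records with PII, PII Exposure Rate in percent) for one field."""
    names = patterns_for(obj, field, use_overrides)
    hits = sum(1 for r in records
               if any(PATTERNS[n].search(r.get(field) or "") for n in names))
    rate = round(100 * hits / len(records), 1) if records else 0.0
    return hits, rate

# Constructed sample Contact records (not real data).
CONTACTS = [
    {"Email": "ana@example.com", "Phone": "555-010-1234", "Notes__c": "Prefers email"},
    {"Email": "123-45-6789", "Phone": "555-010-5678", "Notes__c": "Server 10.0.0.12 unreachable"},
    {"Email": "li@example.org", "Phone": "555-010-9999", "Notes__c": ""},
    {"Email": "sam@example.net", "Phone": "555-010-0000", "Notes__c": "Call 555-010-4321"},
]

if __name__ == "__main__":
    for field in ("Email", "Phone", "Notes__c"):
        print(field, scan(CONTACTS, "Contact", field))
```

Scanning the Email field with `use_overrides=False` flags every sample record, while the override leaves only the record where an SSN was typed into the email field.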
Choosing Your Configuration
| If You Need To… | Start With | Key Settings |
|---|---|---|
| Run a PII audit before an AI project | Standard preset, PII Detection Analysis | Both metrics give count + exposure rate for compliance reports |
| Check for financial PII before a data migration | Critical preset, PII Scan | Two patterns, fast scan, near-zero false positives |
| Maximize detection coverage for a first-time audit | Extended preset, PII Detection Analysis | All 8 patterns. Higher false-positive rate but nothing is missed. |
| Tune detection per field to reduce false positives | Standard global + per-field overrides | Remove expected-content patterns (email on Email fields, phone on Phone fields) |
| Run a targeted compliance check for specific PII types | Custom pattern set, PII Scan | Toggle only the specific patterns relevant to your compliance framework |
For a full reference of all 8 detection patterns, three presets, and how the diagnostic flow works, return to the main PII Detection article.
To see how PII detection fits into the broader AI readiness picture, take the AI Readiness Assessment.