International Journal of Science and Research (IJSR)

Fully Refereed | Open Access | Double Blind Peer Reviewed

ISSN: 2319-7064



United States | Information Technology | Volume 12 Issue 12, December 2023 | Pages: 2271 - 2273


Designing AI-Powered Access-Control and Data-Minimisation Pipelines in Salesforce for GDPR and HIPAA

Karthik Jakranpally

Abstract: The European General Data Protection Regulation (GDPR) and the U.S. Health Insurance Portability and Accountability Act (HIPAA) impose strict principles of "data minimisation" and "minimum necessary use" on controllers processing personal data or protected health information (PHI). Commercial customer-relationship-management (CRM) platforms such as Salesforce attract particular scrutiny because agents, chat-bots and integration middleware handle cross-border data at scale. Existing Salesforce security features (role hierarchies, profiles, and static sharing rules) lack the fine-grained, context-aware enforcement required by modern zero-trust doctrines. We present SAGE-Shield, an AI-enhanced policy-as-code framework that combines (i) Salesforce Shield Event Monitoring, (ii) an Open-Policy-Agent (OPA) cluster for attribute-based access control (ABAC), and (iii) a privacy-preserving transformer that performs token-level detection, pseudonymisation, or redaction of PHI in real time. A 12-month e-prescription corpus comprising 3.1 million records (250 GB) was replayed through SAGE-Shield in a staging sandbox. Compared with a baseline role-based-access-control (RBAC) configuration, the proposed pipeline reduced PHI exposure by 97.6 %, cut mean policy-evaluation latency from 47 ms to 23 ms (-51 %), and detected 68 % more sharing-rule violations. Ablation studies confirm that the transformer's risk-aware logits materially improve least-privilege decisions: disabling the language model increases false-negative redaction by 4.2 pp and doubles audit remediation effort. We release reference Terraform scripts and anonymised policy sets to foster replication. To our knowledge, this is the first work that systematically integrates generative-AI redaction with real-time ABAC for GDPR and HIPAA inside Salesforce.

Keywords: Salesforce Shield, data minimisation, GDPR, HIPAA, attribute-based access control, large language models, zero trust, privacy engineering

How to Cite?: Karthik Jakranpally, "Designing AI-Powered Access-Control and Data-Minimisation Pipelines in Salesforce for GDPR and HIPAA", Volume 12 Issue 12, December 2023, International Journal of Science and Research (IJSR), Pages: 2271-2273, https://www.ijsr.net/getabstract.php?paperid=MS2312083417, DOI: https://dx.doi.org/10.21275/MS2312083417

