Page 21 - MarDefComp

P. 21

3/5/2021 PRRL Data Authorization - NAGDCA
database. This will ensure total security for
Nominate your plan for a 2021 NAGDCA Leadership Award today! Entries due April 30 X
your plan. LEARN MORE
LEARN MORE

For the transfer itself, only encrypted data will
be sent to the database, and no personally

identi able information will be sent. This
includes social security numbers, employee
ID numbers, names, birthdates, job titles,
address, location, or any other piece of

information that can be used to identify any
individual.

The following is a detailed description of the
data transfer process:

Phase 1: at Third Party provider

Generate encryption key

Distribute encryption key to data
provider
Details:

Third Party generates encryption
key on secure, dedicated system
The key is sent from Third Party to
the data provider via secure
method using an encrypted le

At no point, does Third Party
receive any data
The encryption key never goes to

EBRI or NAGDCA

Phase 2: at Data Provider

Implements hash algorithm – extracts

data les
Transfers data le to database
Details:
Decrypts package from Third Party

to extract encryption key
Implements masking protocol: runs
real ssn value through HMAC-
SHA256 algorithm and encryption

https://www.nagdca.org/data-center/prrldataauthorization/ 4/7

16 17 18 19 20 21 22 23 24 25 26