Public Retirement Research Lab Data Authorization

Better decisions start with better data.
Participate in the Public Retirement Research Lab (PRRL) & get better data for your plan.

How to Participate

Review

Review our preliminary list of data categories so you understand what will be transferred from your recordkeeper.

What data will go into the database?

What is considered personally identifiable information (PII)?

PII includes, but is not limited to, Social Security numbers, birth dates, employee ID numbers, or any other piece of information that could be used to identify an individual. None of these data will be transmitted to the database from your recordkeeper, so there is no risk of your employees’ PII falling into the wrong hands.

Consider

Consider the process and security protocols.

Click for a quick overview of the data transfer process.

Click for a detailed description of the data security protocols.

Your data security is our top priority. Your plan’s data will be completely encrypted by your record keeper before it is sent to the database. This will ensure total security for your plan.

For the transfer itself, only encrypted data will be sent to the database, and no personally identifiable information will be sent. This includes social security numbers, employee ID numbers, names, birthdates, job titles, address, location, or any other piece of information that can be used to identify any individual.

The following is a detailed description of the data transfer process:

Phase 1: at Third Party provider

Generate encryption key
Distribute encryption key to data provider
Details:
- Third Party generates encryption key on secure, dedicated system
- The key is sent from Third Party to the data provider via secure method using an encrypted file
- At no point, does Third Party receive any data
- The encryption key never goes to EBRI or NAGDCA

Phase 2: at Data Provider

Implements hash algorithm – extracts data files
Transfers data file to database
Details:
- Decrypts package from Third Party to extract encryption key
- Implements masking protocol: runs real ssn value through HMAC-SHA256 algorithm and encryption key, resulting in 64 character hash value
- Combines 64 character hash value with data files
- Real ssn value, along with any personally identifiable data is deleted from data files before it is sent to the PRRL
- The encryption key never goes to EBRI or NAGDCA – Third Party available for implementation support
- The data files are transferred from data provider to PRRL via secure method. FTP transfer of encrypted file is preferred method

Phase 3: at PRRL

Manipulates final data files
Produces analytic deliverables
Details:
- Decrypts package from data provider to extract data files containing standard 64 character hashed id
- Re-encrypts hashed value with an EBRI proprietary key
- Manipulate data and process analytical results on segregated & secure system
- At no point, does PRRL receive encryption key used by providers

Discuss

The legal and data sharing agreements for this project exist between your recordkeeper and the Employee Benefit Research Institute (EBRI). Contact your recordkeeper for details on how their agreement protects any of your data from ever being released.

Participate

Digitally sign the form linked below to authorize your recordkeeper to transfer data to the PRRL database.

*Please note: this authorization is not a legally binding document. The purpose is simply to inform your recordkeeper that you would like your data included in the PRRL database.

Sign Authorization

What is the benefit for plan sponsors? Click here to review what you receive for adding your data.

Questions? Contact Matt Petersen at mpetersen@nagdca.org