Secure Information Option

We have added the ability to collect Social Security Number, Drivers License and Passport as highly secure options to race registration. This was done at the request of a race held on a military base, but may be useful for other purposes as well (such as border crossing races that might require Passport numbers).

The data is stored in our database using 4096-bit RSA encryption.  We generate a “Private Key” for the race – it is the only key that will unlock the data. This means that no one else, including the administrators of the database at RunSignUp, can decrypt the data. If the race loses the key, the data cannot be decrypted and is lost forever.

The setup is under Race > Registration > Sensitive Information Collection.  Only RunSignUp can enable this feature for races.

Screen Shot 2016-01-13 at 10.06.42 AM.png

Once enabled, the race must set up their private key:

Screen Shot 2016-01-13 at 10.08.02 AM.png

Once the private key is set up, the following form will show.  NOTE – THIS IS THE ONLY TIME YOU WILL SEE THE PRIVATE KEY. You need to copy it into a secure place – we recommend a password protected document. THIS IS THE ONLY KEY THAT WILL UNLOCK THE DATA!

Screen Shot 2016-01-13 at 10.08.59 AM.png

Once you copy the Private Key and close the pop-up, you will then select which data elements you want to ask for from registrants on a per event basis:

Screen Shot 2016-01-13 at 11.04.06 AM.png

What Participants See

Participants are asked for the data when they register. The Social Security number is validated as a 9 digit number. The fields are set as required and must be filled in.

Screen Shot 2016-01-13 at 11.05.57 AM.png

Downloading Data

The “Download Participant Data” button downloads all data.  The user will see this popup, where they will need to enter their private key – yes that long string of numbers and characters. If filled in properly, then you will get a CSV spreadsheet download of the data. Make sure you properly protect this file and the data, as it is your responsibility.

One of the ways that you can keep this secure is to grant access to just this page for the Security Agent who is assigned to review the data. Then give them the Private key for them to download the data and do the background checks.

There is the ability to reset the private key. If the private key is reset, all previous data is lost – you will NOT be able to go back and retrieve any of the previous data.

Leave a Reply

Leave a Reply

%d bloggers like this: