87 FR 176 pgs. 56038-56044 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 87Number: 176Pages: 56038 - 56044
Pages: 56038, 56039, 56040, 56041, 56042, 56043, 56044Docket number: [Docket ID ED-2022-FSA-0108]
FR document: [FR Doc. 2022-19886 Filed 9-12-22; 8:45 am]
Agency: Education Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF EDUCATION
[Docket ID ED-2022-FSA-0108]
Privacy Act of 1974; System of Records
AGENCY:
Federal Student Aid, U.S. Department of Education.
ACTION:
Notice of a new system of records.
SUMMARY:
In accordance with the Privacy Act of 1974, as amended (Privacy Act) (5 U.S.C. 552a), the U.S. Department of Education (Department) publishes this notice of a new system of records titled "Enterprise Data Management and Analytics Platform Services (EDMAPS)" (18-11-22). The EDMAPS system is a data analytics platform that ingests data from multiple Federal Student Aid (FSA) systems of records to perform big-data analytics on FSA data in one common location, produce reports and statistical models, and serve as a centralized repository of information about FSA customers across the full student aid life cycle.
DATES:
Submit your comments on this new system of records notice on or before October 13, 2022.
This new system of records will become effective upon publication in the Federal Register on September 13, 2022, unless it needs to be changed as a result of public comment, except for the routine uses. The routine uses, listed in the section titled "ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES," will become effective on October 13, 2022, unless they need to be changed as a result of public comment. The Department will publish any significant changes to the new system of records notice or routine uses resulting from public comment.
ADDRESSES:
Comments must be submitted via the Federal eRulemaking Portal at regulations.gov . However, if you require an accommodation or cannot otherwise submit your comments via regulations.gov , please contact the program contact person listed under FOR FURTHER INFORMATION CONTACT . The Department will not accept comments submitted by fax or by email or those submitted after the comment period. To ensure that we do not receive duplicate copies, please submit your comments only once. In addition, please include the Docket ID at the top of your comments.
Federal eRulemaking Portal: Go to www.regulations.gov to submit your comments electronically. Information on using Regulations.gov , including instructions for accessing agency documents, submitting comments, and viewing the docket, is available on the site under the "help" tab.
Privacy Note: The Department's policy is to make all comments received from members of the public available for public viewing in their entirety on the Federal eRulemaking Portal at www.regulations.gov. Therefore, commenters should be careful to include in their comments only information that they wish to make publicly available.
Assistance to Individuals With Disabilities in Reviewing the Rulemaking Record: On request, we will supply an appropriate accommodation or auxiliary aid to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT .
FOR FURTHER INFORMATION CONTACT:
Barry Goldstein, Chief Data Officer, FSA, U.S. Department of Education, UCP, Room 64E1, 830 First Street NE, Washington, DC 20202-5454. Telephone: (202) 377-4563.
If you are deaf, hard of hearing, or have a speech disability and wish to access telecommunications relay services, please dial 7-1-1.
SUPPLEMENTARY INFORMATION:
Introduction
The EDMAPS system provides a unified data platform and common data environment for FSA to improve the accuracy and consistency of student aid life cycle data. As described in greater detail below, the EDMAPS system brings together one of FSA's largest data platforms, the Enterprise Data Warehouse and Analytics (EDWA), and two newly created components, a Data Lake and Person Master Data Management (pMDM), to manage and reconcile data.
Information from the student aid life cycle will be stored in EDMAPS to, among other things, support the principle of Master Data Management, with the goal of establishing a master copy of key data elements after reconciling and resolving interface discrepancies among various FSA databases.
The EDMAPS system provides a more flexible data architecture that will allow FSA to, among other things, more efficiently and accurately respond to complex data requests and mandated changes in title IV of the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1070 et seq. ), policies and operations. It will also allow FSA to, for instance, provide additional insights into title IV, HEA programs, improve oversight of FSA vendors, and develop a global view of FSA operations.
In summary, the EDMAPS system consists of the following components:
(i) Enterprise Data Warehouse and Analytics (EDWA)-a data warehouse that ingests enterprise-wide data for the purposes of reporting, analytics, and the development of statistical models. FSA leverages EDWA in daily operations to help aid applicants and recipients achieve better outcomes through outreach to borrowers at risk of default and of being defrauded;
(ii) Person Master Data Management (pMDM)-an EDMAPS system component that uses algorithms to identify the most accurate and/or up-to-date identifying and contact records for an aid applicant, aid recipient, and parent or spouse of an aid applicant or recipient, as applicable; and
(iii) Data Lake-a secure environment for receiving large quantities of raw data with the capability to curate the data into structured databases or the EDWA, archive data for future use, present structured and unstructured data to users for reporting and query purposes, and manage unstructured data for search or conversion to structured data utilizing optical character recognition (OCR) software. Unstructured data include pdf files, servicer telephone conversations, and free-text fields from feedback/complaint forms.
EDMAPS differs from other FSA systems that contain similar or the same information in that its architecture and purpose primarily focus on analytics, reporting, and modeling, with limited focus on production including loan discharge (as explained below). FSA's production systems interact with key participants in the financial aid process, such as postsecondary institutions, and in many cases, can be used to generate reports or analysis, but their primary purpose is production and operations of the title IV, HEA programs. For instance, in addition to receiving replicated data, EDMAPS maintains month-end snapshots of data and roll ups of data, which facilitate reporting, analysis, and trending not only of recent data but also of historical data.
[top] EDMAPS also contains built-in statistical tools, such as Python and SAS, to facilitate regressions, modeling,
Richard Cordray,
Chief Operating Officer, Federal Student Aid.
For the reasons discussed in the preamble, the U.S. Department of Education publishes a notice of a new system of records to read as follows:
SYSTEM NAME AND NUMBER:
"Enterprise Data Management and Analytics Platform Services (EDMAPS)" (18-11-22).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Federal Student Aid (FSA), U.S. Department of Education (Department), Union Center Plaza (UCP), 830 First Street NE, Washington, DC 20202-5454.
Amazon Web Services (AWS), 1200 12th Avenue, Suite 1200, Seattle, WA 98114. (This is the Computer Center for the EDMAPS system's application, where all electronic EDMAPS system information is processed and stored.)
Accenture, 22451 Shaw Road, Sterling, VA 20166-4319. (The EDMAPS system's Sterling Cloud-based Operations is located here.)
Accenture DC, 810 First Street NE, Washington, DC 20202-4227. (This is the EDMAPS system's Operations Center.)
SYSTEM MANAGER(S):
System Owner, EDMAPS System, Federal Student Aid (FSA), U.S. Department of Education (Department), Union Center Plaza (UCP), Room 102-E5, 830 First Street NE, Washington, DC 20202.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The EDMAPS system is authorized under title I, Part D, and title IV of the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1018-1018b and 20 U.S.C. 1070 et seq. ), the Presidential Memorandum entitled, "A Student Aid Bill of Rights to Help Ensure Affordable Loan Repayment" (March 10, 2015), the Higher Education Relief Opportunities for Students Act of 2003 (HEROES Act) (20 U.S.C. 1098bb) (including any waivers or modifications that the Secretary of Education deems necessary to make to any statutory or regulatory provision applicable to the student financial assistance programs under title IV of the HEA to achieve specific purposes listed in the section in connection with a war, other military operation, or a national emergency), and sections 701(b) and 702(m) of the FAFSA Simplification Act, title VII, Division FF of Public Law (Pub. L.) 116-260, Consolidated Appropriations Act, 2021.
The EDMAPS system is largely comprised of records that originate from, and are also maintained in, other Department systems of records. Therefore, the Department is also listing the more specific authorities for those systems of records here:
(1) National Student Loan Data System (NSLDS) (18-11-06). The authority under which the NSLDS system of records is maintained includes sections 101, 102, 132(i), 485, and 485B of the HEA (20 U.S.C. 1001, 1002, 1015a(i), 1092, and 1092b), and sections 431(2) and (3) of the General Education Provisions Act (20 U.S.C. 1231a(2)-(3)). The collection of Social Security numbers (SSNs) of aid applicants and recipients who are covered by the NSLDS system is authorized by 31 U.S.C. 7701 and Executive Order 9397 (November 22, 1943), as amended by Executive Order 13478 (November 18, 2008);
(2) Common Origination and Disbursement (COD) (18-11-02). The COD system of records is authorized under title IV of the HEA and the HEROES Act (including any waivers or modifications that the Secretary of Education deems necessary to make to any statutory or regulatory provision applicable to the student financial assistance programs under title IV of the HEA to achieve specific purposes listed in the section in connection with a war, other military operation, or a national emergency);
(3) Common Services for Borrowers (CSB) (18-11-16). The CSB system of records is authorized by titles IV-A, IV-B, IV-D, and IV-E of the HEA;
(4) Health Education Assistance Loan (HEAL) Program (18-11-20). The authority for maintenance of the HEAL Program system of records includes sections 701 and 702 of the Public Health Service Act, as amended (PHS Act) (42 U.S.C. 292 and 292a), which authorize the establishment of a Federal program of student loan insurance; section 715 of the PHS Act (42 U.S.C. 292n), which directs the Secretary of Education to require institutions to provide information for each student who has a loan; section 709(c) of the PHS Act (42 U.S.C. 292h(c)), which authorizes disclosure and publication of HEAL defaulters; the Debt Collection Improvement Act (31 U.S.C. 3701 and 3711-3720E); and the Consolidated Appropriations Act, 2014, Division H, title V, section 525 of Pub. L. 113-76, which transferred the authority to administer the HEAL program from the Secretary of Health and Human Services to the Secretary of Education;
(5) Financial Management System (FMS) (18-11-17). The FMS system of records is authorized by title IV of the HEA;
(6) Postsecondary Education Participants Systems (PEPS) (18-11-09). The PEPS system of records is authorized by sections 481, 487, 498 of the HEA (20 U.S.C. 1088, 1094, 1099c) and section 31001(i)(1) of the Debt Collection Improvement Act of 1996, Pub. L. 104-134 (31 U.S.C. 7701);
(7) Person Authentication Service (PAS) (18-11-12). The PAS system of records and the collection of personal information for the creation and management of an FSA ID (which includes a user ID and a password) is authorized programmatically by title IV of the HEA;
(8) Student Aid Internet Gateway (SAIG), Participation Management System (18-11-10). The SAIG, Participation Management System, system of records is authorized by title IV of the HEA. The collection of SSNs of users of the SAIG, Participation Management System is authorized by 31 U.S.C. 7701 and Executive Order 9397, as amended by Executive Order 13478 (November 18, 2008);
(9) Aid Awareness and Application Processing (18-11-21). The Aid Awareness and Application Processing system of records is authorized under title IV of the HEA (20 U.S.C. 1070 et seq. ) and 20 U.S.C. 1018(f) and 1087e(h). The collection of SSNs of users of the Federal Student Aid Application File system is also authorized by 31 U.S.C. 7701 and Executive Order 9397, as amended by Executive Order 13478 (November 18, 2008).
PURPOSE(S) OF THE SYSTEM:
[top] The information contained in this system of records is maintained for the following purposes (Note: Different parts of the HEA use the terms "discharge," "cancellation," or "forgiveness" to describe when a borrower's loan amount is reduced, in whole or in part, by the Department. To reduce complexity, this system of records notice uses the term "discharge" to include all three terms ("discharge," "cancellation," and "forgiveness"), including, but not limited to, discharges of student loans made pursuant to specific benefit programs. At times, this system of records notice may refer by name to a specific benefit program, such as the "Public Service Loan Forgiveness" program; such specific references are not intended to exclude any such program benefits from more general references to loan discharges):
(1) To provide master data management, to serve as a production database, and to provide common naming conventions and standards;
(2) To provide a data warehouse for analytics, reporting, and modeling;
(3) To provide the Data Lake for the storage of large data sets, both structured and unstructured. (PDFs and audio files are examples of unstructured data);
(4) To provide analytics and reporting, including querying, modeling, forecasting, and visualizing, for the purpose of administering the title IV, HEA programs effectively and efficiently;
(5) To improve transparency by publicly releasing information and reports, as required by the Foundations for Evidence-Based Policymaking Act of 2018 and title IV of the HEA;
(6) To support research, analysis, and development, and the implementation and evaluation of education policies in relation to title IV, HEA programs;
(7) To support Federal budget analysts in the Department, the Office of Management and Budget (OMB), and the Congressional Budget Office (CBO) in the development of budget needs and forecasts;
(8) To help aid applicants and recipients achieve better outcomes through outreach to aid applicants and recipients at risk of default and of being defrauded;
(9) To determine aid recipients' eligibility for discharges of loans under title IV of the HEA;
(10) To maintain and process information and documentation, including, but not limited to, loan discharge income eligibility information, associated consent information for the purposes of eligibility determination and verification information obtained from applicants, or applicable applicant's parent(s) or spouse, and income verification documentation of an aid recipient or applicable aid recipient's parent(s) or spouse, pertaining to discharge of eligible loans under title IV, HEA and promissory notes and other agreements that evidence the existence of a legal obligation to repay funds disbursed under title IV, HEA programs;
(11) To provide a more flexible data architecture that will allow FSA to respond more efficiently and accurately to complex data requests and changes in title IV, HEA policies and operations;
(12) To provide additional insights into title IV, HEA programs, improve oversight of FSA vendors, and develop a global view of FSA operations;
(13) To facilitate the collection, processing, and transmission of information to students, post-secondary and financial institutions, lenders, State agencies, and other authorized operational parties;
(14) To identify, prevent, reduce, and recoup improper payments;
(15) To communicate with aid applicants and recipients regarding including, but not limited to, the Free Application for Federal Student Aid (FAFSA®) processing timelines, debt counseling references, and Public Service Loan Forgiveness (PSLF) information;
(16) To enforce the conditions or terms of a title IV, HEA obligation;
(17) To investigate possible fraud or abuse or verify compliance with program regulations or contract requirements;
(18) To litigate a title IV, HEA obligation, or to prepare for, provide support services for, or audit the results of litigation on a title IV, HEA obligation;
(19) To verify the identity of FSA aid recipients for the purpose of loan discharge eligibility;
(20) To assist audit and program review planning and reviews; and
(21) To conduct testing, analysis, or take other administrative actions needed to prepare for or execute programs under title IV of the HEA.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The EDMAPS system maintains records on the following categories of individuals:
(1) Individual recipients of, and applicants for, aid under one of the programs authorized under title IV of the HEA, including, but not limited to, the: (a) Direct Loan Program; (b) Federal Family Education Loan (FFEL) Program; (c) Federal Insured Student Loan (FISL) Program; and (d) Federal Perkins Loan Program including National Defense Student Loans, National Direct Student Loans, and Perkins Expanded Lending and Income Contingent Loans (Perkins Loans);
(2) Individuals who serve as endorsers on Direct PLUS loans;
(3) Recipients of Federal Pell Grants, Academic Competitiveness Grants (ACG), National Science and Mathematics Access to Retain Talent (SMART) Grants, Teacher Education Assistance for College and Higher Education (TEACH) Grants, and Iraq and Afghanistan Service Grants;
(4) Individuals who owe an overpayment on a Federal Pell Grant, an ACG, a National SMART Grant, a Federal Supplemental Educational Opportunity Grant (FSEOG), or an Iraq and Afghanistan Service Grant, or TEACH or a Federal Perkins Loan;
(5) Individuals who have applied for borrower defense discharges ( Note: The system contains case tracking records on these individuals);
(6) Individuals who received aid under the HEAL Program for analysis of their use of the title IV, HEA programs;
(7) Individuals who are title IV, HEA aid applicants or recipients, and parents or spouses of aid applicants or recipients, who submit feedback/complaints to the Department regarding title IV, HEA programs, contractors, or practices or processes of the Department and those who serve as contacts at educational institutions listed on the program participation agreement, including, but not limited to, financial aid directors and college presidents;
(8) Individuals who are not aid applicants or recipients under title IV, HEA programs, but who have submitted feedback or a complaint or whose information has been provided to the Department as part of an interagency agreement or memorandum of understanding to allow analysis of title IV, HEA programs;
(9) Aid applicants and recipients under title IV, HEA programs, the parents of aid applicants and recipients under title IV, HEA programs, and PLUS loan endorsers who apply for an FSA user ID and password; and
(10) Individuals who are, or once were, the parent(s) of a dependent applicant or aid recipient, or the spouse of a married applicant or aid recipient, under title IV, HEA programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
The EDMAPS system includes, but is not limited to, the following categories of records:
(1) Aid applicant and recipient identifier information, including SSN, FSA user ID (FSA ID), name (both current and previous), date of birth, physical mailing address, phone number, email address, and driver's license information;
(2) Information on the aid recipient's loan(s) covering the period from the origination of the loan through final payment, cancellation, consolidation, discharge, or other final disposition, including details such as loan amount, disbursements, balances, loan status, repayment plan payments and related information, collections, lender and guaranty agency claims, deferments, forbearances, refunds, and cancellations, master promissory notes, information collected to determine loan discharge eligibility along with eligibility and income verification consents;
[top] (3) Aid applicant and recipient demographic information from aid
(4) Demographic information on the parent(s) of a dependent aid applicant and recipient from aid applications, including, but not limited to, name (current and previous), date of birth, SSN, FSA ID, U.S. passport number, state administered driver's license number, marital status, telephone number, email address, highest level of schooling completed, and income and asset information;
(5) Information related to a borrower's application for an income-driven repayment plan, including information such as current income, family size, repayment plan selection, and, if married, information about the borrower's spouse;
(6) Federal Pell Grant, ACG, National SMART Grant, TEACH Grant, and Iraq and Afghanistan Service Grant amounts and dates of disbursement;
(7) Federal Pell Grant, ACG Grant, National SMART Grant, Iraq and Afghanistan Service Grant, FSEOG, and Federal Perkins Loan Program overpayment amounts;
(8) Information maintained by a guaranty agency, including, demographic, contact, and identifier information, a borrower's FFEL loan(s), and the lender(s), holder(s), and servicer(s) of the borrower's FFEL loan(s);
(9) Information concerning the date of any default on loans;
(10) Information on financial institutions participating in the loan participation and sale programs established by the Department under the Ensuring Continued Access to Student Loan Act of 2008 (ECASLA) (Pub. L. 110-227), including the collection of ECASLA loan-level funding amounts, dates of ECASLA participation for financial institutions, dates and amounts of loans sold to the Department under ECASLA, and the amount of loans funded by the Department's programs but repurchased by the lender;
(11) Student enrollment information for individuals who have received title IV, HEA aid, such as enrollment status, information on the student's educational institution, level of study, the Classification of Instructional Programs (CIP) code, and published length for the program in which the student enrolled for at an institution or programs of studies at the post-secondary institution;
(12) Case records on applications for borrower defense discharge;
(13) Case records on complaints and feedback regarding title IV, HEA programs, Department contractors, and the practices and processes of the Department and fraud referrals;
(14) Records on title IV, HEA aid applicants and recipients under title IV, HEA programs, the parents of aid applicants and recipients under title IV, HEA programs, and PLUS loan endorsers who apply for an FSA user ID and password, including password recovery questions and answers;
(15) Records of borrower contacts (phone calls and letters);
(16) HEAL Program records, when loaded into the system for analysis of HEAL borrowers' use of the title IV, HEA programs;
(17) Reference data about lenders and guaranty agencies, such as parent-subsidiary lender relationships, in addition to aggregated financials from lenders and guaranty agencies;
(18) Centralized identifying and contact information received from the FAFSA®, origination and disbursement records, loan servicers, and customers (via the studentaid.gov interface), augmented by algorithms to identify the most accurate and/or up-to-date identifying and contact records;
(19) Credit check details, decision, adverse reasons/credit bureau info and credit appeal information on PLUS loan applicants, recipients and endorsers; and
(20) The system maintains student enrollment information for individuals who have received title IV, HEA aid and records on the level of study, CIP code, and published length of an educational program in which a student receiving title IV, HEA aid; and
(21) Loan discharge income eligibility information, associated discharge eligibility and income verification consent information from discharge applicants or applicable applicant's parent(s) or spouse, and income verification documentation of an aid recipient or applicable aid recipient's parent(s) or spouse, pertaining to discharge of eligible loans under title IV, HEA programs.
RECORD SOURCE CATEGORIES
Information for this system is obtained from other Department systems, such as Federal Loan Servicers' IT systems (covered by the system of records titled "Common Services for Borrowers (CSB)" (18-11-16)); the Debt Management and Collection System (DMCS) (covered by the system of records titled "Common Services for Borrowers (CSB)" (18-11-16)); COD (covered by the system of records titled "Common Origination and Disbursement (COD) System" (18-11-02)); and the Financial Management System (FMS) (covered by the system of records titled "Financial Management System (FMS)" (18-11-17).)
In addition, the EDMAPS system currently receives Federal Loan Servicer, DMCS, guaranty agency, and certain postsecondary education institution information on Perkins Loans via the SAIG, Participant Management System (covered by the system of records titled "Student Aid internet Gateway (SAIG), Participation Management System" (18-11-10)).
Further, the EDMAPS system currently receives data originating from PEPS (covered by the system of records titled "Postsecondary Education Participants System" (18-11-09)) and the Central Processing System (CPS) (covered by the system of records titled "Federal Student Aid Application File" (18-11-01)) via COD.
The EDMAPS system also receives enrollment records, including program-level enrollment records, from NSLDS (covered by the system of records titled "National Student Loan Data System (NSLDS)" (18-11-06)) or any successor system.
The EDMAPS system receives origination and disbursement records on Federal Pell Grants, ACGs, National SMART Grants, TEACH Grants, Iraq and Afghanistan Service Grants, and Direct Loans; master promissory note records; records of PLUS loan credit checks and credit appeals; annual aggregated Federal Campus-Based Program (FWS, FSEOG, and Perkins Loan) records from post-secondary institutions; consolidation loan application records; repayment plan application records; and financial literacy (entrance and exit) counseling records from COD (covered by the systems of records titled "Common Origination and Disbursement (COD) System" (18-11-02)) or any successor system.
In addition, the EDMAPS system receives aggregated guaranty agency and lender financials, as well as lender, guaranty agency, and parent-subsidiary organization lender reference data from FMS (covered by the system of records titled "Financial Management System (FMS)" (18-11-17)) or any successor system.
[top] Further, the EDMAPS system receives records from PAS (covered by the system of records titled "Person Authentication Service (PAS)" (18-11-12)) or any successor system, which covers aid applicants and recipients
Upon request, approved EDMAPS users also receive reports from HEAL (covered by the system of records titled "Health Education Assistance Loan (HEAL) Program" (18-11-20)), which they upload into EDMAPS for analytical and reporting purposes.
Moreover, the EDMAPS system receives borrower defense case records and complaint, feedback, and fraud referral case records from CEMS (covered by the system of records entitled "Customer Engagement Management System (CEMS)" (18-11-11)) or its successor system.
Finally, the EDMAPS system may also obtain information from other persons or entities from whom or from which information is obtained following a disclosure under the routine uses set forth below.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
The Department may disclose information contained in a record in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected. The Department may make these disclosures on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act), under a computer matching agreement.
(1) Program Disclosures. The Department may disclose records from this system of records for the following program purposes:
(a) To promote transparency, and the effective and efficient administration, of title IV, HEA programs, the Department may disclose records to guaranty agencies, educational institutions, financial institutions, and Federal, State, Tribal, and local government agencies;
(b) To detect, prevent, mitigate, and recoup improper payments in title IV, HEA programs, the Department may disclose records to guaranty agencies, educational institutions, financial institutions, and Federal, State, Tribal, and local government agencies; and
(c) To support auditors and program reviewers in planning and carrying out their assessments of title IV, HEA program compliance, the Department may disclose records to guaranty agencies, educational institutions, financial institutions and servicers, and Federal, State, Tribal, and local government agencies; and
(d) To assist with the determination of eligibility for loan discharges, the Department may disclose records to holders of loans made under title IV of the HEA;.
(2) Congressional Member Disclosure. The Department may disclose the records of an individual to a member of Congress or the member's staff when necessary to respond to an inquiry from the member made at the written request of that individual and on behalf of that individual. The member's right to the information is no greater than the right of the individual who requested it.
(3) Enforcement Disclosure. In the event that information in this system of records indicates, either on its face or in connection with other information, a violation or potential violation of any applicable statute, regulation, or order of a competent authority, the Department may disclose the relevant records to the appropriate government agency, whether Federal, State, Tribal, or local, charged with investigating or prosecuting that violation or charged with enforcing or implementing the statute, regulation, or order issued pursuant thereto.
(4) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
(a) Introduction. In the event that one of the following parties listed in subparagraphs (i) through (v) is involved in judicial or administrative litigation or ADR, or has an interest in judicial or administrative litigation or ADR, the Department may disclose certain records from this system of records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs:
(i) The Department or any of its components;
(ii) Any Department employee in their official capacity;
(iii) Any Department employee in their individual capacity if the U.S. Department of Justice (DOJ) has been requested to or has agreed to provide or arrange for representation of the employee;
(iv) Any Department employee in their individual capacity when the Department has agreed to represent the employee;
(v) The United States when the Department determines that the litigation is likely to affect the Department or any of its components.
(b) Disclosure to DOJ. If the Department determines that disclosure of certain records to DOJ is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to DOJ.
(c) Adjudicative Disclosure. If the Department determines that it is relevant and necessary to judicial or administrative litigation or ADR to disclose certain records from this system of records to an adjudicative body before which the Department is authorized to appear or to a person or an entity designated by the Department or otherwise empowered to resolve or mediate disputes, the Department may disclose those records as a routine use to the adjudicative body, person, or entity.
(d) Disclosure to Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records to a party, counsel, representative, or witness is relevant and necessary to the judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the party, counsel, representative, or witness.
(5) Employment, Benefit, and Contracting Disclosure.
(a) For Decisions by the Department. The Department may disclose a record from this system of records to a Federal, State, Tribal, or local government agency maintaining civil, criminal, or other relevant enforcement or other pertinent records, or to another public agency or professional organization, if necessary to obtain information relevant to a Department decision concerning the hiring or retention of an employee or other personnel action; the issuance of a security clearance; the letting of a contract; or the issuance of a license, grant, or other benefit.
(b) For Decisions by Other Public Agencies and Professional Organizations. The Department may disclose a record to a Federal, State, Tribal, local, or other government or public agency or professional organization, in connection with the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit, to the extent that the record is relevant and necessary to the receiving entity's decision on the matter.
[top] (6) Employee Grievance, Complaint, or Conduct Disclosure. If a record is relevant and necessary to a grievance, complaint, or disciplinary action involving a present or former employee of the Department, the Department may disclose the record during investigation, fact-finding, or adjudication to any party to the grievance, complaint, or action; to
(7) Labor Organization Disclosure. The Department may disclose a record to an arbitrator to resolve disputes under a negotiated grievance procedure or to officials of a labor organization recognized under 5 U.S.C. chapter 71 when relevant and necessary to their duties of exclusive representation.
(8) Freedom of Information Act (FOIA) and Privacy Act Advice Disclosure. The Department may disclose records to DOJ or the OMB if the Department concludes that disclosure is desirable or necessary in determining whether particular records are required to be disclosed under the FOIA or the Privacy Act.
(9) Disclosure to DOJ. The Department may disclose records to DOJ to the extent necessary for obtaining DOJ advice on any matter relevant to an audit, inspection, or other inquiry related to the programs covered by this system.
(10) Contract Disclosure. If the Department contracts with an entity to perform any function that requires disclosure of records in this system to employees of the contractor, the Department may disclose the records to those employees. As part of such a contract, the Department shall require the contractor to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records.
(11) Research Disclosure. The Department may disclose records to a federal researcher if the Department determines that the individual or organization to which the disclosure would be made is qualified to carry out specific research related to the functions or purposes of this system of records. The Department may disclose records from this system of records to that federal researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The federal researcher shall be required to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records.
(12) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system of records to appropriate agencies, entities, and persons when (a) the Department suspects or has confirmed that there has been a breach of the system of records; (b) the Department has determined that, as a result of the suspected or confirmed breach, there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
(13) Disclosure in Assisting Another Agency in Responding to a Breach of Data. The Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach, or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
(14) Disclosure to the OMB and CBO for Federal Credit Reform Act (FCRA) Support. The Department may disclose records to OMB and CBO as necessary to fulfill FCRA requirements in accordance with 2 U.S.C. 661b, except for federal tax information, per 26 U.S.C. 6103.
(15) Disclosure to National Archives and Records Administration (NARA). The Department may disclose records from this system of records to NARA for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The Department electronically stores information at the AWS site referenced in the foregoing section titled "SYSTEM LOCATION." For example, the Department electronically stores, for the entire Federal Student Aid life cycle from application through loan payoff, student and aid applicant demographic and title IV, HEA aid information such as, but not limited to, FFEL program, FISL program, and Perkins loan records on AWS site. The Department also stores electronic master promissory notes, electronic Special Direct Consolidation Loan opportunity applications and promissory notes, electronic requests to repay a Direct Loan under an income-driven repayment plan, and Federal Direct Consolidation Loan applications and promissory notes on AWS site. Finally, data obtained from the paper promissory notes or the paper loan discharge eligibility form are stored on hard disks at the AWS site. (These are referred to as metadata and are used by the system to link promissory notes or loan discharge eligibility form to aid recipient.)
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
With some exceptions, the Department does not generally use the EDMAPS system for the retrieval of individual records. However, system administrators and a handful of privileged users are able to retrieve records from the EDMAPS system by award ID, customer ID, borrower ID, an individual's SSN, last name, first name, and date of birth. Further, the Department uses the EDMAPS system to retrieve individual records to process income eligibility information and other information about income of aid recipients and to send it to Federal Loan Servicers for the discharge of eligible student loans under the title IV, HEA programs. Internal reports also provide a secure vehicle for approved Department employees and Department contractor staff to access samples of individual records, for example as part of performing program reviews.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The Department has submitted a retention and disposition schedule that covers the primary records contained in this system to NARA for review. The Department will treat these records as "permanent records," as defined in 36 CFR 1220.18, until such time as a final disposition is approved.
The EDMAPS system may also contain certain records that the Department considers, on a case-by-case basis and with the approval of the Agency Records Officer, to be covered by General Records Schedule 5.2, "Transitory and Intermediary Records."
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
[top] All users of the system will have a unique user ID with password. In addition to the user ID and password, users must authenticate their Personal Identity Verification (PIV) card to access the system, from within either the Department's Network, the Department's Global Protect Virtual Private Network (VPN), or the Department's vendor's AnyConnect Cisco VPN. Users are required to change their password at least every 60 days in accordance with the Department's information technology standards. All physical access to the information housed in the EDMAPS system locations is controlled and monitored by
The computer system employed by the Department offers a high degree of resistance to tampering and circumvention with firewalls, encryption, and password protection. This security system limits data access to Department and Department contractor staff on a "need-to-know" basis and controls individual users' ability to access and alter records within the system. All interactions by users of the system are recorded. Users of the EDMAPS system do not see personally identifiable information (PII), even when looking at individual records. EDMAPS tokenizes PII, meaning that PII are swapped out for non-sensitive random values. This does not prevent users of EDMAPS from joining tables containing the same PII data element, because tokenization ensures that the same non-sensitive value is swapped out in every table that has that particular data element, for example SSN or date of birth.
In accordance with the Federal Information Security Management Act of 2002 (FISMA), as amended by the Federal Information Security Modernization Act of 2014, every Department system must receive a signed Authorization to Operate (ATO) from a designated Department official. The ATO process includes a rigorous assessment of security and privacy controls, a plan of actions and milestones to remediate any identified deficiencies, and a continuous monitoring program.
FISMA controls implemented are comprised of a combination of management, operational, and technical controls, and include the following control families: access control, awareness and training, audit and accountability, security assessment and authorization, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, privacy, risk assessment, system and services acquisition, system and communications protection, system and information integrity, and program management.
RECORD ACCESS PROCEDURES:
If you wish to gain access to a record regarding you in this system of records, contact the system manager at the address listed above. You must provide the system manager with the necessary particulars such as your full, legal name, date of birth, address, and any other identifying information requested by the Department while processing the request in order to distinguish between individuals with the same name. Requesters must also reasonably specify the record contents sought. Your request must meet the requirements of the regulations at 34 CFR 5b.5, including proof of identity.
CONTESTING RECORD PROCEDURES:
If you wish to contest the content of your personal record within the system of records, contact the system manager at the address listed above and provide your full, legal name, date of birth, and SSN. Identify the specific items to be changed and provide a written justification for the change. Requests to amend a record must meet the requirements in 34 CFR 5b.7.
NOTIFICATION PROCEDURES:
If you wish to determine whether a record exists regarding you in the system of records, contact the system manager at the address listed above. You must provide necessary particulars such as your full, legal name, date of birth, address, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Requests must meet the requirements in 34 CFR 5b.5, including proof of identity.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2022-19886 Filed 9-12-22; 8:45 am]
BILLING CODE 4000-01-P