Skip to Content

Notice

Privacy Act of 1974; System of Records

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Federal Student Aid, Department of Education.

ACTION:

Notice of an altered system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended (Privacy Act), 5 U.S.C. 552a, the Chief Operating Officer for Federal Student Aid (FSA) of the U.S. Department of Education (the Department) publishes this notice of an altered system of records entitled “Person Authentication Service (PAS)” (18-11-12).

PAS contains records about former, current, and prospective students, and their parents and endorsers, who apply for a user ID and password (FSA ID). The PAS system will be used to generate authentication and log-on credentials for those individuals wishing to access various student financial assistance systems, online applications, Web sites, and services to obtain information about their personal records. PAS will replace the current Department of Education (ED) Personal Identification Number (PIN) Registration System, and the ED PIN Registration System will be retired. The system of records notice for the ED PIN Registration System is 18-11-12; it was published in the Federal Register on December 27, 1999 (64 FR 72400-72402).

PAS will be used to access a variety of Departmental systems and Web sites, including, but not limited to:

  • Free Application for Federal Student Aid (FAFSA; www.fafsa.ed.gov)
  • Studentaid.gov
  • StudentLoans.gov
  • TEACH Grant Agreement to Serve (ATS)
  • Federal Student Aid Information Center (FSAIC)
  • National Student Loan Data System (NSLDS; www.nslds.ed.gov)

Specifically, through this notice, the Department revises the name of the system from the ED PIN Registration System to the PAS and makes alterations to the system, including, but not limited to, the system location, the categories of records maintained in this system, the system's purposes, and the system's routine uses. Additionally, the Department seeks comment on the altered system of records described in this notice, in accordance with the requirements of the Privacy Act.

DATES:

Submit your comments on this notice of an altered system of records on or before April 20, 2015.

The Department filed a report describing the altered system of records covered by this notice with the Chair of the Senate Committee on Homeland Security and Governmental Affairs, the Chair of the House Committee on Oversight and Government Reform, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget (OMB), on March 10, 2015. This altered system of records will become effective at the later date of: (1) The expiration of the 40-day period for OMB review on April 19, 2015, unless OMB waives 10 days of the 40-day review period for compelling reasons shown by the Department; or (2) April 20, 2015, unless the system of records needs to be changed as a result of public comment or OMB review. The Department will publish any changes to the altered system of records notice that result from public comment or OMB review.

ADDRESSES:

Address all comments about the altered system of records to FSA PAS System Owner, Technology Office, Union Center Plaza (UCP), 830 First Street NE., room 103E2, Washington, DC 20202-5454. Telephone: 202-377-3557. If you prefer to send your comments by email, use the following address: comment@ed.gov. You must include the Start Printed Page 14982term “Person Authentication Service” in the subject line of your electronic message.

During and after the comment period, you may inspect all public comments about this notice in room 103E2, UCP, 10th Floor, 830 First Street NE., Washington, DC, between the hours of 8:00 a.m. and 4:30 p.m., Eastern time, Monday through Friday of each week except Federal holidays.

Assistance to Individuals With Disabilities in Reviewing the Rulemaking Record

On request, we will supply appropriate accommodations or auxiliary aids to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

FSA PAS System Owner Infrastructure and Operations Group, UCP, 830 First Street NE., Room 103E2, Washington, DC 20202-5454. Telephone number: (202) 377-3557.

If you use a telecommunications device for the deaf (TDD) or a text telephone (TTY), call the Federal Relay Service (FRS), toll free, at 1-800-877-8339.

Individuals with disabilities can obtain this document in an accessible format (e.g., braille, large print, audiotape, or compact disc) on request to the contact person listed in this section.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Introduction

The Privacy Act (5 U.S.C. 552a(e)(4) and (11)) requires the Department to publish this notice of an altered system of records in the Federal Register. The Department's regulations implementing the Privacy Act are contained in the Code of Federal Regulations (CFR) in 34 CFR part 5b.

The Privacy Act applies to a record about an individual that is maintained in a system of records from which information is retrieved by an unique identifier associated with each individual, such as a name or Social Security number (SSN). The information about each individual is called a “record,” and the system, whether manual or computer-based, is called a “system of records.”

The Privacy Act requires each agency to publish a system of records notice in the Federal Register and to submit a report to the Administrator of the Office of Information and Regulatory Affairs, OMB whenever the agency publishes a new system of records or significantly alters an established system of records. Each agency is also required to send copies of the report to the Chair of the Senate Committee on Homeland Security and Governmental Affairs and the Chair of the House of Representatives Committee on Oversight and Government Reform. These reports are included to permit an evaluation of the probable effect of the proposal on the privacy rights of individuals.

The PAS system of records will:

1. Allow a user to create and manage an FSA ID that provides a secure credential for access to FSA systems and Web sites;

2. Provide tracking on changes to user account information;

3. Provide matching with the Social Security Administration for identity verification purposes;

4. Provide usage and authentication information for FSA systems and Web sites;

5. Allow a user to electronically sign various student aid applications, including the FAFSA and the Renewal FAFSA, and Direct Loan Master Promissory Notes, as well as to initiate loan deferments or forbearances; and

6. Support the administration of Title IV of the Higher Education Act of 1965, as amended (HEA) programs.

Electronic Access to This Document: The official version of this document is the document published in the Federal Register. Free Internet access to the official edition of the Federal Register and the Code of Federal Regulations is available via the Federal Digital System at: www.gpo.gov/​fdsys. At this site you can view this document, as well as all other documents of this Department published in the Federal Register, in text or Adobe Portable Document Format (PDF). To use PDF you must have Adobe Acrobat Reader, which is available free at the site.

You may also access documents of the Department published in the Federal Register by using the article search feature at: www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department.

Start Signature

Dated: March 17, 2015.

James W. Runcie,

Chief Operating Officer, Federal Student Aid.

End Signature

For the reasons discussed in the preamble, the Chief Operating Officer, Federal Student Aid (FSA) of the U.S. Department of Education (the Department), publishes a notice of an altered system of records to read as follows:

SYSTEM NUMBER:

18-11-12.

SYSTEM NAME:

Person Authentication Service (PAS).

SECURITY CLASSFICATION:

None.

SYSTEM LOCATION:

Dell Systems Virtual Data Center, 2300 West Plano Parkway, Plano, TX 75075-8247. (This is the virtual data center for the PAS application.)

PPS Infotech, 1801 Research Blvd., Suite 615, Rockville, MD 20850-3115. (PPS Infotech has access to the system and contracts directly with the Department for the development, operations and maintenance support for PAS.)

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

PAS contains records about former, current, and prospective students, their parents and endorsers who apply for a user ID and password (FSA ID).

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains identification and authentication information including, but not limited to, first name, middle name, last name, Social Security number (SSN), date of birth, address, telephone number(s), email address, and security challenge questions and corresponding answers.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The collection of personal information for the creation and management of an FSA ID (which includes a user ID and a password) is authorized programmatically by title IV of the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1070, et seq.).

PURPOSE(S):

The information contained in this system will be used to support the administration of title IV of the HEA programs; to generate authentication and log-on credentials for those individuals wishing to access various Departmental student financial assistance systems, online applications, Web sites and services; and to obtain information about their personal records. The system will also provide tracking of changes to user account information, match user information with the Social Security Administration (SSA) for identity verification, and provide usage and authentication information for FSA systems and Web sites.Start Printed Page 14983

PAS will be used to access a variety of Departmental systems, including, but not limited to:

  • Free Application for Federal Student Aid (FAFSA; www.fafsa.ed.gov)
  • Studentaid.gov
  • StudentLoans.gov
  • TEACH Grant Agreement to Serve (ATS)
  • Federal Student Aid Information Center (FSAIC)
  • National Student Loan Data System (NSLDS; www.nslds.ed.gov)

The FSA ID generated and stored by this system may also be used by individuals to electronically sign various student aid applications, including the FAFSA and the Renewal FAFSA, and Direct Loan Master Promissory Notes, as well as to initiate loan deferments or forbearances.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES:

The Department may disclose information contained in a record in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with a purpose for which the record was collected. These disclosures may be made on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act) (5 U.S.C. 552a), under a computer matching agreement (CMA).

(1) Program Disclosures. The Department may disclose records for the following program purposes:

(a) To verify the identity of the individual whom records indicate is applying for, has applied for, has endorsed, or has received a title IV, HEA loan and/or grant, disclosures may be made to: Guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies and their authorized representatives; private parties such as relatives, business and personal associates, and present and former employers; creditors; consumer reporting agencies; adjudicative bodies; and the individual whom the records identify as the endorser or the party obligated to repay the debt;

(b) To determine program eligibility and benefits, disclosures may be made to: Guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies, and their authorized representatives; private parties such as relatives, business and personal associates, and present and former employers; creditors; consumer reporting agencies; and adjudicative bodies;

(c) To facilitate default reduction efforts by program participants, disclosures may be made to: Guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies, and their authorized representatives; consumer reporting agencies; and adjudicative bodies;

(d) To permit the making, servicing, collecting, assigning, adjusting, transferring, referring, or discharging of a loan or collecting a grant obligation, disclosures may be made to: Guaranty agencies, educational institutions, financial institutions, Federal Loan Servicers, or Federal Perkins Loan Servicers that made, held, serviced, or have been assigned the debt, and their authorized representatives; a party identified by the debtor as willing to advance funds to repay the debt; Federal, State, or local agencies, and their authorized representatives; private parties such as relatives, business and personal associates, and present and former employers; creditors; consumer reporting agencies; and adjudicative bodies;

(e) To investigate possible fraud or abuse or verify compliance with program regulations, disclosures may be made to: Guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies, and their authorized representatives; private parties such as relatives, present and former employers, and business and personal associates; creditors; consumer reporting agencies; and adjudicative bodies;

(f) To locate a delinquent or defaulted borrower, or an individual obligated to repay a loan or grant, disclosures may be made to: Guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies, and their authorized representatives; private parties such as relatives, business and personal associates, and present and former employers; creditors; consumer reporting agencies; and adjudicative bodies;

(g) To conduct credit checks or to respond to inquiries or disputes arising from information on the debt already furnished to a credit reporting agency, disclosures may be made to: Credit reporting agencies; guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies, and their authorized representatives; private parties such as relatives, present and former employers, and business and personal associates; creditors; and adjudicative bodies;

(h) To investigate complaints or to update information or correct errors contained in Department records, disclosures may be made to: Guaranty agencies, educational and financial institutions, Federal Loan Servicers, Federal Perkins Loan Servicers, and their authorized representatives; Federal, State, or local agencies, and their authorized representatives; private parties such as relatives, present and former employers, and business and personal associates; creditors; credit reporting agencies; and adjudicative bodies; and

(i) To report information required by law to be reported, including, but not limited to, reports required by 26 U.S.C. 6050P and 6050S, disclosures may be made to the Internal Revenue Service (IRS).

(2) Feasibility Study Disclosure. The Department may disclose information from this system of records to other Federal agencies, and to guaranty agencies and their authorized representatives, to determine whether computer matching programs should be conducted by the Department for purposes such as to locate a delinquent or defaulted debtor or to verify compliance with program regulations.

(3) Disclosure for Use by Other Law Enforcement Agencies. The Department may disclose information to any Federal, State, local, or foreign agency or other public authority responsible for enforcing, investigating, or prosecuting violations of administrative, civil, or criminal law or regulation if that information is relevant to any enforcement, regulatory, investigative, or prosecutorial responsibility within the receiving entity's jurisdiction.

(4) Enforcement Disclosure. In the event that information in this system of records indicates, either alone or in connection with other information, a violation or potential violation of any applicable statutory, regulatory, or legally binding requirement, the Department may disclose the relevant records to an entity charged with the responsibility for investigating or enforcing those violations or potential violations.Start Printed Page 14984

(5) Litigation and Alternative Dispute Resolution (ADR) Disclosure.

(a) Introduction. In the event that one of the parties listed below is involved in judicial or administrative litigation or ADR, or has an interest in such litigation or ADR, the Department may disclose certain records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs:

(i) The Department or any of its components;

(ii) Any Department employee in his or her official capacity;

(iii) Any Department employee in his or her individual capacity where the Department of Justice (DOJ) has been requested to or agrees to provide or arrange for representation for the employee;

(iv) Any Department employee in his or her individual capacity where the Department has agreed to represent the employee;

(v) The United States, where the Department determines that the litigation is likely to affect the Department or any of its components.

(b) Disclosure to the DOJ. If the Department determines that disclosure of certain records to the DOJ is relevant and necessary to the judicial or administrative litigation or ADR and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to the DOJ.

(c) Adjudicative Disclosure. If the Department determines that disclosure of certain records to an adjudicative body before which the Department is authorized to appear or to an individual or an entity designated by the Department or otherwise empowered to resolve or mediate disputes is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the adjudicative body, individual, or entity.

(d) Disclosure to Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to a party, counsel, representative, or witness.

(6) Employment, Benefit, and Contracting Disclosure.

(a) For Decisions by the Department. The Department may disclose a record to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement or other pertinent records, or to another public authority or professional organization, if necessary to obtain information relevant to a Department decision concerning the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

(b) For Decisions by Other Public Agencies and Professional Organizations. The Department may disclose a record to a Federal, State, local, or other public authority or professional organization, in connection with the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit, to the extent that the record is relevant and necessary to the receiving entity's decision on the matter.

(7) Employee Grievance, Complaint, or Conduct Disclosure. If a record is relevant and necessary to an employee grievance, complaint, or disciplinary action, the Department may disclose the record in this system of records in the course of investigation, fact-finding, or adjudication to any party or the party's counsel or representative, a witness, or to a designated fact-finder, mediator, or other person designated to resolve issues or decide the matter.

(8) Labor Organization Disclosure. The Department may disclose records from this system of records to an arbitrator to resolve disputes under a negotiated grievance procedure or to officials of labor organizations recognized under 5 U.S.C. chapter 71 when relevant and necessary to their duties of exclusive representation.

(9) Freedom of Information Act (FOIA) and Privacy Act Advice Disclosure. The Department may disclose records to the DOJ or the Office of Management and Budget, if the Department seeks advice regarding whether records maintained in this system of records are required to be disclosed under the FOIA or the Privacy Act.

(10) Disclosure to the DOJ. The Department may disclose records to the DOJ, or the authorized representative of DOJ, to the extent necessary for obtaining DOJ advice on any matter relevant to an audit, inspection, or other inquiry related to the programs covered by this system.

(11) Contract Disclosure. If the Department contracts with an entity for the purposes of performing any function that requires disclosure of records in this system to employees of the contractor, the Department may disclose the records to those employees. Before entering into such a contract, the Department shall require the contractor to establish and maintain Privacy Act safeguards as required under subsection (m) of the Privacy Act (5 U.S.C. 552a(m)) with respect to the records in the system.

(12) Research Disclosure. The Department may disclose records to a researcher if the Department determines that the individual or organization to which the disclosure would be made is qualified to carry out specific research related to functions or purposes of this system of records. The Department may disclose records from this system of records to that researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The researcher shall be required to maintain safeguards required under the Privacy Act with respect to the records in the system.

(13) Congressional Member Disclosure. The Department may disclose the records of an individual to a Member of Congress in response to an inquiry from the Member made at the written request of that individual whose records are being disclosed. The Member's right to the information is no greater than the right of the individual who requested the inquiry.

(14) Disclosure to OMB for Federal Credit Reform Act (CRA) Support. The Department may disclose records to OMB as necessary to fulfill CRA requirements. These requirements currently include transfer of data on lender interest benefits and special allowance payments, defaulted loan balances, and supplemental pre-claims assistance payments information.

(15) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system to appropriate agencies, entities, and persons when: (a) The Department suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (b) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other system or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

(16) Disclosure to Third Parties through Computer Matching Programs. Start Printed Page 14985Unless otherwise prohibited by other laws, any information from this system of records, including personal information obtained from other agencies through computer matching programs, may be disclosed to any third party through a computer matching program that is conducted under a CMA between the Department and the third party and requires that the matching be conducted in compliance with the requirements of the Privacy Act. Purposes of these disclosures may be to: (a) Establish or verify program eligibility and benefits; (b) establish or verify compliance with program regulations or statutory requirements, such as to investigate possible fraud or abuse; and (c) recoup payments or delinquent debts under any Federal benefit programs, such as locating or taking legal action against a delinquent or defaulted debtor.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

Disclosures pursuant to 5 U.S.C. 552a(b)(12). The Department may disclose to a consumer reporting agency information regarding a valid overdue claim of the Department; such information is limited to: (1) The name, address, taxpayer identification number and other information necessary to establish the identity of the individual responsible for the claim; (2) the amount, status, and history of the claim; and (3) the program under which the claim arose. The Department may disclose the information specified in this paragraph under 5 U.S.C. 552a(b)(12) and the procedures contained in 31 U.S.C. 3711(e). A consumer reporting agency to which these disclosures may be made is defined at 15 U.S.C. 1681a(f) and 31 U.S.C. 3701(a)(3).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

The records are stored electronically.

RETRIEVABILITY:

The records are retrievable by SSN, name, or an unique internal account identifier.

SAFEGUARDS:

All physical access to the Department site, and the sites of the Department contractors where this system of records is maintained, is controlled and monitored by security personnel who check each individual entering the building for his or her employee or visitor badge.

The computer system employed by the Department offers a high degree of resistance to tampering and circumvention. This security system limits data access to Department and contract staff on a need-to-know basis, and controls individual users' ability to access and alter records within the system. All users of this system of records will have an unique User ID and corresponding password conforming to the Department's security policy. All interactions by individual users with the system are recorded.

Additionally, in accordance with the Federal Information Security Management Act of 2002 (FISMA), PAS must receive a signed Authority to Operate (ATO) from a designated Department official. The ATO process includes an assessment of security controls, a plan of action, milestones to remediate any identified deficiencies, and a continuous monitoring program.

FISMA controls implemented by the Department include a combination of management, operational, and technical controls, and include the following control families: Access control, awareness and training, audit and accountability, security assessment and authorization, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, privacy, risk assessment, system and services acquisition, system and communications protection, system and information integrity, and program management.

RETENTION AND DISPOSAL:

The Department of Education has submitted a records retention and disposition schedule for the records covered by this system of records to the National Archives and Records Administration (NARA) for approval. No records will be destroyed prior to receiving NARA-approved disposition authority.

SYSTEM MANAGER(S) AND ADDRESS:

PAS Manager, Technology Office, Federal Student Aid, UCP, 830 First St. NE., Room 103E2, Washington, DC 20202.

NOTIFICATION PROCEDURE:

If you wish to determine whether a record exists regarding you in the system of records, provide the system manager with your name, date of birth, and SSN. Your request must meet the requirements of the Department's Privacy Act regulations at 34 CFR 5b.5, including proof of identity. You may address your request to the system manager at the address above.

RECORD ACCESS PROCEDURES:

If you wish to gain access to a record regarding you in the system of records, you can visit the ED PAS Account Management site, call the FAFSA on the web phone number listed on the Web site, or contact the system manager at the address given above. Your request must meet the requirements of the Department's Privacy Act regulations at 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:

If you wish to contest the content of a record regarding you in the system of records, you can contact the Customer Service Department at the telephone number listed on the PAS login or registration Web site (Federal Student Aid Information Center (FSAIC): 1-800-4-FED-AID (1-800-433-3243) or TTY (for the hearing impaired): 1-800-730-8913. Your request must meet the requirements of the Department's Privacy Act regulations at 34 CFR 5b.7.

If the SSN you provided to create the account does not match the records of the Social Security Administration (SSA), you will need to correct your SSN in PAS or contact the local office of the SSA for a SSN correction.

RECORD SOURCE CATEGORIES:

The identifying information (first name, middle name, last name, SSN, date of birth, address, telephone number, email address, security challenge questions and corresponding answers) will be collected from individuals applying for an FSA ID at the PAS registration Web site. In addition, PAS receives records from SSA which are maintained in the system.

EXEMPTIONS CLAIMED FOR SYSTEM:

None.

End Supplemental Information

[FR Doc. 2015-06503 Filed 3-19-15; 8:45 am]

BILLING CODE 4000-01-P