Notice2022-19886
Privacy Act of 1974; System of Records
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
September 13, 2022
Issuing agencies
Education Department
Abstract
In accordance with the Privacy Act of 1974, as amended (Privacy Act) (5 U.S.C. 552a), the U.S. Department of Education (Department) publishes this notice of a new system of records titled "Enterprise Data Management and Analytics Platform Services (EDMAPS)" (18-11-22). The EDMAPS system is a data analytics platform that ingests data from multiple Federal Student Aid (FSA) systems of records to perform big-data analytics on FSA data in one common location, produce reports and statistical models, and serve as a centralized repository of information about FSA customers across the full student aid life cycle.
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 176 (Tuesday, September 13, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 176 (Tuesday, September 13, 2022)]
[Notices]
[Pages 56038-56044]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-19886]
[[Page 56038]]
-----------------------------------------------------------------------
DEPARTMENT OF EDUCATION
[Docket ID ED-2022-FSA-0108]
Privacy Act of 1974; System of Records
AGENCY: Federal Student Aid, U.S. Department of Education.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended
(Privacy Act) (5 U.S.C. 552a), the U.S. Department of Education
(Department) publishes this notice of a new system of records titled
``Enterprise Data Management and Analytics Platform Services (EDMAPS)''
(18-11-22). The EDMAPS system is a data analytics platform that ingests
data from multiple Federal Student Aid (FSA) systems of records to
perform big-data analytics on FSA data in one common location, produce
reports and statistical models, and serve as a centralized repository
of information about FSA customers across the full student aid life
cycle.
DATES: Submit your comments on this new system of records notice on or
before October 13, 2022.
This new system of records will become effective upon publication
in the Federal Register on September 13, 2022, unless it needs to be
changed as a result of public comment, except for the routine uses. The
routine uses, listed in the section titled ``ROUTINE USES OF RECORDS
MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF
SUCH USES,'' will become effective on October 13, 2022, unless they
need to be changed as a result of public comment. The Department will
publish any significant changes to the new system of records notice or
routine uses resulting from public comment.
ADDRESSES: Comments must be submitted via the Federal eRulemaking
Portal at <a href="http://regulations.gov">regulations.gov</a>. However, if you require an accommodation or
cannot otherwise submit your comments via <a href="http://regulations.gov">regulations.gov</a>, please
contact the program contact person listed under FOR FURTHER INFORMATION
CONTACT. The Department will not accept comments submitted by fax or by
email or those submitted after the comment period. To ensure that we do
not receive duplicate copies, please submit your comments only once. In
addition, please include the Docket ID at the top of your comments.
Federal eRulemaking Portal: Go to <a href="http://www.regulations.gov">www.regulations.gov</a> to submit
your comments electronically. Information on using Regulations.gov,
including instructions for accessing agency documents, submitting
comments, and viewing the docket, is available on the site under the
``help'' tab.
Privacy Note: The Department's policy is to make all comments
received from members of the public available for public viewing in
their entirety on the Federal eRulemaking Portal at
<a href="http://www.regulations.gov">www.regulations.gov</a>. Therefore, commenters should be careful to include
in their comments only information that they wish to make publicly
available.
Assistance to Individuals With Disabilities in Reviewing the
Rulemaking Record: On request, we will supply an appropriate
accommodation or auxiliary aid to an individual with a disability who
needs assistance to review the comments or other documents in the
public rulemaking record for this notice. If you want to schedule an
appointment for this type of accommodation or auxiliary aid, please
contact the person listed under FOR FURTHER INFORMATION CONTACT.
FOR FURTHER INFORMATION CONTACT: Barry Goldstein, Chief Data Officer,
FSA, U.S. Department of Education, UCP, Room 64E1, 830 First Street NE,
Washington, DC 20202-5454. Telephone: (202) 377-4563.
If you are deaf, hard of hearing, or have a speech disability and
wish to access telecommunications relay services, please dial 7-1-1.
SUPPLEMENTARY INFORMATION:
Introduction
The EDMAPS system provides a unified data platform and common data
environment for FSA to improve the accuracy and consistency of student
aid life cycle data. As described in greater detail below, the EDMAPS
system brings together one of FSA's largest data platforms, the
Enterprise Data Warehouse and Analytics (EDWA), and two newly created
components, a Data Lake and Person Master Data Management (pMDM), to
manage and reconcile data.
Information from the student aid life cycle will be stored in
EDMAPS to, among other things, support the principle of Master Data
Management, with the goal of establishing a master copy of key data
elements after reconciling and resolving interface discrepancies among
various FSA databases.
The EDMAPS system provides a more flexible data architecture that
will allow FSA to, among other things, more efficiently and accurately
respond to complex data requests and mandated changes in title IV of
the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1070 et
seq.), policies and operations. It will also allow FSA to, for
instance, provide additional insights into title IV, HEA programs,
improve oversight of FSA vendors, and develop a global view of FSA
operations.
In summary, the EDMAPS system consists of the following components:
(i) Enterprise Data Warehouse and Analytics (EDWA)--a data
warehouse that ingests enterprise-wide data for the purposes of
reporting, analytics, and the development of statistical models. FSA
leverages EDWA in daily operations to help aid applicants and
recipients achieve better outcomes through outreach to borrowers at
risk of default and of being defrauded;
(ii) Person Master Data Management (pMDM)--an EDMAPS system
component that uses algorithms to identify the most accurate and/or up-
to-date identifying and contact records for an aid applicant, aid
recipient, and parent or spouse of an aid applicant or recipient, as
applicable; and
(iii) Data Lake--a secure environment for receiving large
quantities of raw data with the capability to curate the data into
structured databases or the EDWA, archive data for future use, present
structured and unstructured data to users for reporting and query
purposes, and manage unstructured data for search or conversion to
structured data utilizing optical character recognition (OCR) software.
Unstructured data include pdf files, servicer telephone conversations,
and free-text fields from feedback/complaint forms.
EDMAPS differs from other FSA systems that contain similar or the
same information in that its architecture and purpose primarily focus
on analytics, reporting, and modeling, with limited focus on production
including loan discharge (as explained below). FSA's production systems
interact with key participants in the financial aid process, such as
postsecondary institutions, and in many cases, can be used to generate
reports or analysis, but their primary purpose is production and
operations of the title IV, HEA programs. For instance, in addition to
receiving replicated data, EDMAPS maintains month-end snapshots of data
and roll ups of data, which facilitate reporting, analysis, and
trending not only of recent data but also of historical data.
EDMAPS also contains built-in statistical tools, such as Python and
SAS, to facilitate regressions, modeling,
[[Page 56039]]
and big data analysis, all features that do not exist in the other
systems.
Richard Cordray,
Chief Operating Officer, Federal Student Aid.
For the reasons discussed in the preamble, the U.S. Department of
Education publishes a notice of a new system of records to read as
follows:
SYSTEM NAME AND NUMBER:
``Enterprise Data Management and Analytics Platform Services
(EDMAPS)'' (18-11-22).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Federal Student Aid (FSA), U.S. Department of Education
(Department), Union Center Plaza (UCP), 830 First Street NE,
Washington, DC 20202-5454.
Amazon Web Services (AWS), 1200 12th Avenue, Suite 1200, Seattle,
WA 98114. (This is the Computer Center for the EDMAPS system's
application, where all electronic EDMAPS system information is
processed and stored.)
Accenture, 22451 Shaw Road, Sterling, VA 20166-4319. (The EDMAPS
system's Sterling Cloud-based Operations is located here.)
Accenture DC, 810 First Street NE, Washington, DC 20202-4227. (This
is the EDMAPS system's Operations Center.)
SYSTEM MANAGER(S):
System Owner, EDMAPS System, Federal Student Aid (FSA), U.S.
Department of Education (Department), Union Center Plaza (UCP), Room
102-E5, 830 First Street NE, Washington, DC 20202.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The EDMAPS system is authorized under title I, Part D, and title IV
of the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1018--
1018b and 20 U.S.C. 1070 et seq.), the Presidential Memorandum
entitled, ``A Student Aid Bill of Rights to Help Ensure Affordable Loan
Repayment'' (March 10, 2015), the Higher Education Relief Opportunities
for Students Act of 2003 (HEROES Act) (20 U.S.C. 1098bb) (including any
waivers or modifications that the Secretary of Education deems
necessary to make to any statutory or regulatory provision applicable
to the student financial assistance programs under title IV of the HEA
to achieve specific purposes listed in the section in connection with a
war, other military operation, or a national emergency), and sections
701(b) and 702(m) of the FAFSA Simplification Act, title VII, Division
FF of Public Law (Pub. L.) 116-260, Consolidated Appropriations Act,
2021.
The EDMAPS system is largely comprised of records that originate
from, and are also maintained in, other Department systems of records.
Therefore, the Department is also listing the more specific authorities
for those systems of records here:
(1) National Student Loan Data System (NSLDS) (18-11-06). The
authority under which the NSLDS system of records is maintained
includes sections 101, 102, 132(i), 485, and 485B of the HEA (20 U.S.C.
1001, 1002, 1015a(i), 1092, and 1092b), and sections 431(2) and (3) of
the General Education Provisions Act (20 U.S.C. 1231a(2)-(3)). The
collection of Social Security numbers (SSNs) of aid applicants and
recipients who are covered by the NSLDS system is authorized by 31
U.S.C. 7701 and Executive Order 9397 (November 22, 1943), as amended by
Executive Order 13478 (November 18, 2008);
(2) Common Origination and Disbursement (COD) (18-11-02). The COD
system of records is authorized under title IV of the HEA and the
HEROES Act (including any waivers or modifications that the Secretary
of Education deems necessary to make to any statutory or regulatory
provision applicable to the student financial assistance programs under
title IV of the HEA to achieve specific purposes listed in the section
in connection with a war, other military operation, or a national
emergency);
(3) Common Services for Borrowers (CSB) (18-11-16). The CSB system
of records is authorized by titles IV-A, IV-B, IV-D, and IV-E of the
HEA;
(4) Health Education Assistance Loan (HEAL) Program (18-11-20). The
authority for maintenance of the HEAL Program system of records
includes sections 701 and 702 of the Public Health Service Act, as
amended (PHS Act) (42 U.S.C. 292 and 292a), which authorize the
establishment of a Federal program of student loan insurance; section
715 of the PHS Act (42 U.S.C. 292n), which directs the Secretary of
Education to require institutions to provide information for each
student who has a loan; section 709(c) of the PHS Act (42 U.S.C.
292h(c)), which authorizes disclosure and publication of HEAL
defaulters; the Debt Collection Improvement Act (31 U.S.C. 3701 and
3711-3720E); and the Consolidated Appropriations Act, 2014, Division H,
title V, section 525 of Pub. L. 113-76, which transferred the authority
to administer the HEAL program from the Secretary of Health and Human
Services to the Secretary of Education;
(5) Financial Management System (FMS) (18-11-17). The FMS system of
records is authorized by title IV of the HEA;
(6) Postsecondary Education Participants Systems (PEPS) (18-11-09).
The PEPS system of records is authorized by sections 481, 487, 498 of
the HEA (20 U.S.C. 1088, 1094, 1099c) and section 31001(i)(1) of the
Debt Collection Improvement Act of 1996, Pub. L. 104-134 (31 U.S.C.
7701);
(7) Person Authentication Service (PAS) (18-11-12). The PAS system
of records and the collection of personal information for the creation
and management of an FSA ID (which includes a user ID and a password)
is authorized programmatically by title IV of the HEA;
(8) Student Aid Internet Gateway (SAIG), Participation Management
System (18-11-10). The SAIG, Participation Management System, system of
records is authorized by title IV of the HEA. The collection of SSNs of
users of the SAIG, Participation Management System is authorized by 31
U.S.C. 7701 and Executive Order 9397, as amended by Executive Order
13478 (November 18, 2008);
(9) Aid Awareness and Application Processing (18-11-21). The Aid
Awareness and Application Processing system of records is authorized
under title IV of the HEA (20 U.S.C. 1070 et seq.) and 20 U.S.C.
1018(f) and 1087e(h). The collection of SSNs of users of the Federal
Student Aid Application File system is also authorized by 31 U.S.C.
7701 and Executive Order 9397, as amended by Executive Order 13478
(November 18, 2008).
PURPOSE(S) OF THE SYSTEM:
The information contained in this system of records is maintained
for the following purposes (Note: Different parts of the HEA use the
terms ``discharge,'' ``cancellation,'' or ``forgiveness'' to describe
when a borrower's loan amount is reduced, in whole or in part, by the
Department. To reduce complexity, this system of records notice uses
the term ``discharge'' to include all three terms (``discharge,''
``cancellation,'' and ``forgiveness''), including, but not limited to,
discharges of student loans made pursuant to specific benefit programs.
At times, this system of records notice may refer by name to a specific
benefit program, such as the ``Public Service Loan Forgiveness''
program; such specific references are not intended to exclude any such
program benefits from more general references to loan discharges):
[[Page 56040]]
(1) To provide master data management, to serve as a production
database, and to provide common naming conventions and standards;
(2) To provide a data warehouse for analytics, reporting, and
modeling;
(3) To provide the Data Lake for the storage of large data sets,
both structured and unstructured. (PDFs and audio files are examples of
unstructured data);
(4) To provide analytics and reporting, including querying,
modeling, forecasting, and visualizing, for the purpose of
administering the title IV, HEA programs effectively and efficiently;
(5) To improve transparency by publicly releasing information and
reports, as required by the Foundations for Evidence-Based Policymaking
Act of 2018 and title IV of the HEA;
(6) To support research, analysis, and development, and the
implementation and evaluation of education policies in relation to
title IV, HEA programs;
(7) To support Federal budget analysts in the Department, the
Office of Management and Budget (OMB), and the Congressional Budget
Office (CBO) in the development of budget needs and forecasts;
(8) To help aid applicants and recipients achieve better outcomes
through outreach to aid applicants and recipients at risk of default
and of being defrauded;
(9) To determine aid recipients' eligibility for discharges of
loans under title IV of the HEA;
(10) To maintain and process information and documentation,
including, but not limited to, loan discharge income eligibility
information, associated consent information for the purposes of
eligibility determination and verification information obtained from
applicants, or applicable applicant's parent(s) or spouse, and income
verification documentation of an aid recipient or applicable aid
recipient's parent(s) or spouse, pertaining to discharge of eligible
loans under title IV, HEA and promissory notes and other agreements
that evidence the existence of a legal obligation to repay funds
disbursed under title IV, HEA programs;
(11) To provide a more flexible data architecture that will allow
FSA to respond more efficiently and accurately to complex data requests
and changes in title IV, HEA policies and operations;
(12) To provide additional insights into title IV, HEA programs,
improve oversight of FSA vendors, and develop a global view of FSA
operations;
(13) To facilitate the collection, processing, and transmission of
information to students, post-secondary and financial institutions,
lenders, State agencies, and other authorized operational parties;
(14) To identify, prevent, reduce, and recoup improper payments;
(15) To communicate with aid applicants and recipients regarding
including, but not limited to, the Free Application for Federal Student
Aid (FAFSA[supreg]) processing timelines, debt counseling references,
and Public Service Loan Forgiveness (PSLF) information;
(16) To enforce the conditions or terms of a title IV, HEA
obligation;
(17) To investigate possible fraud or abuse or verify compliance
with program regulations or contract requirements;
(18) To litigate a title IV, HEA obligation, or to prepare for,
provide support services for, or audit the results of litigation on a
title IV, HEA obligation;
(19) To verify the identity of FSA aid recipients for the purpose
of loan discharge eligibility;
(20) To assist audit and program review planning and reviews; and
(21) To conduct testing, analysis, or take other administrative
actions needed to prepare for or execute programs under title IV of the
HEA.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The EDMAPS system maintains records on the following categories of
individuals:
(1) Individual recipients of, and applicants for, aid under one of
the programs authorized under title IV of the HEA, including, but not
limited to, the: (a) Direct Loan Program; (b) Federal Family Education
Loan (FFEL) Program; (c) Federal Insured Student Loan (FISL) Program;
and (d) Federal Perkins Loan Program including National Defense Student
Loans, National Direct Student Loans, and Perkins Expanded Lending and
Income Contingent Loans (Perkins Loans);
(2) Individuals who serve as endorsers on Direct PLUS loans;
(3) Recipients of Federal Pell Grants, Academic Competitiveness
Grants (ACG), National Science and Mathematics Access to Retain Talent
(SMART) Grants, Teacher Education Assistance for College and Higher
Education (TEACH) Grants, and Iraq and Afghanistan Service Grants;
(4) Individuals who owe an overpayment on a Federal Pell Grant, an
ACG, a National SMART Grant, a Federal Supplemental Educational
Opportunity Grant (FSEOG), or an Iraq and Afghanistan Service Grant, or
TEACH or a Federal Perkins Loan;
(5) Individuals who have applied for borrower defense discharges
(Note: The system contains case tracking records on these individuals);
(6) Individuals who received aid under the HEAL Program for
analysis of their use of the title IV, HEA programs;
(7) Individuals who are title IV, HEA aid applicants or recipients,
and parents or spouses of aid applicants or recipients, who submit
feedback/complaints to the Department regarding title IV, HEA programs,
contractors, or practices or processes of the Department and those who
serve as contacts at educational institutions listed on the program
participation agreement, including, but not limited to, financial aid
directors and college presidents;
(8) Individuals who are not aid applicants or recipients under
title IV, HEA programs, but who have submitted feedback or a complaint
or whose information has been provided to the Department as part of an
interagency agreement or memorandum of understanding to allow analysis
of title IV, HEA programs;
(9) Aid applicants and recipients under title IV, HEA programs, the
parents of aid applicants and recipients under title IV, HEA programs,
and PLUS loan endorsers who apply for an FSA user ID and password; and
(10) Individuals who are, or once were, the parent(s) of a
dependent applicant or aid recipient, or the spouse of a married
applicant or aid recipient, under title IV, HEA programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
The EDMAPS system includes, but is not limited to, the following
categories of records:
(1) Aid applicant and recipient identifier information, including
SSN, FSA user ID (FSA ID), name (both current and previous), date of
birth, physical mailing address, phone number, email address, and
driver's license information;
(2) Information on the aid recipient's loan(s) covering the period
from the origination of the loan through final payment, cancellation,
consolidation, discharge, or other final disposition, including details
such as loan amount, disbursements, balances, loan status, repayment
plan payments and related information, collections, lender and guaranty
agency claims, deferments, forbearances, refunds, and cancellations,
master promissory notes, information collected to determine loan
discharge eligibility along with eligibility and income verification
consents;
(3) Aid applicant and recipient demographic information from aid
[[Page 56041]]
applications, such as dependency status, citizenship, veteran status,
marital status, sex/gender, race/ethnicity, income and asset
information (including income and asset information on the student's
parent(s), if a dependent student, and the aid applicant's or
recipient's spouse, if married), and expected family contribution or
Student Aid Index;
(4) Demographic information on the parent(s) of a dependent aid
applicant and recipient from aid applications, including, but not
limited to, name (current and previous), date of birth, SSN, FSA ID,
U.S. passport number, state administered driver's license number,
marital status, telephone number, email address, highest level of
schooling completed, and income and asset information;
(5) Information related to a borrower's application for an income-
driven repayment plan, including information such as current income,
family size, repayment plan selection, and, if married, information
about the borrower's spouse;
(6) Federal Pell Grant, ACG, National SMART Grant, TEACH Grant, and
Iraq and Afghanistan Service Grant amounts and dates of disbursement;
(7) Federal Pell Grant, ACG Grant, National SMART Grant, Iraq and
Afghanistan Service Grant, FSEOG, and Federal Perkins Loan Program
overpayment amounts;
(8) Information maintained by a guaranty agency, including,
demographic, contact, and identifier information, a borrower's FFEL
loan(s), and the lender(s), holder(s), and servicer(s) of the
borrower's FFEL loan(s);
(9) Information concerning the date of any default on loans;
(10) Information on financial institutions participating in the
loan participation and sale programs established by the Department
under the Ensuring Continued Access to Student Loan Act of 2008
(ECASLA) (Pub. L. 110-227), including the collection of ECASLA loan-
level funding amounts, dates of ECASLA participation for financial
institutions, dates and amounts of loans sold to the Department under
ECASLA, and the amount of loans funded by the Department's programs but
repurchased by the lender;
(11) Student enrollment information for individuals who have
received title IV, HEA aid, such as enrollment status, information on
the student's educational institution, level of study, the
Classification of Instructional Programs (CIP) code, and published
length for the program in which the student enrolled for at an
institution or programs of studies at the post-secondary institution;
(12) Case records on applications for borrower defense discharge;
(13) Case records on complaints and feedback regarding title IV,
HEA programs, Department contractors, and the practices and processes
of the Department and fraud referrals;
(14) Records on title IV, HEA aid applicants and recipients under
title IV, HEA programs, the parents of aid applicants and recipients
under title IV, HEA programs, and PLUS loan endorsers who apply for an
FSA user ID and password, including password recovery questions and
answers;
(15) Records of borrower contacts (phone calls and letters);
(16) HEAL Program records, when loaded into the system for analysis
of HEAL borrowers' use of the title IV, HEA programs;
(17) Reference data about lenders and guaranty agencies, such as
parent-subsidiary lender relationships, in addition to aggregated
financials from lenders and guaranty agencies;
(18) Centralized identifying and contact information received from
the FAFSA[supreg], origination and disbursement records, loan
servicers, and customers (via the <a href="http://studentaid.gov">studentaid.gov</a> interface), augmented
by algorithms to identify the most accurate and/or up-to-date
identifying and contact records;
(19) Credit check details, decision, adverse reasons/credit bureau
info and credit appeal information on PLUS loan applicants, recipients
and endorsers; and
(20) The system maintains student enrollment information for
individuals who have received title IV, HEA aid and records on the
level of study, CIP code, and published length of an educational
program in which a student receiving title IV, HEA aid; and
(21) Loan discharge income eligibility information, associated
discharge eligibility and income verification consent information from
discharge applicants or applicable applicant's parent(s) or spouse, and
income verification documentation of an aid recipient or applicable aid
recipient's parent(s) or spouse, pertaining to discharge of eligible
loans under title IV, HEA programs.
RECORD SOURCE CATEGORIES
Information for this system is obtained from other Department
systems, such as Federal Loan Servicers' IT systems (covered by the
system of records titled ``Common Services for Borrowers (CSB)'' (18-
11-16)); the Debt Management and Collection System (DMCS) (covered by
the system of records titled ``Common Services for Borrowers (CSB)''
(18-11-16)); COD (covered by the system of records titled ``Common
Origination and Disbursement (COD) System'' (18-11-02)); and the
Financial Management System (FMS) (covered by the system of records
titled ``Financial Management System (FMS)'' (18-11-17).)
In addition, the EDMAPS system currently receives Federal Loan
Servicer, DMCS, guaranty agency, and certain postsecondary education
institution information on Perkins Loans via the SAIG, Participant
Management System (covered by the system of records titled ``Student
Aid internet Gateway (SAIG), Participation Management System'' (18-11-
10)).
Further, the EDMAPS system currently receives data originating from
PEPS (covered by the system of records titled ``Postsecondary Education
Participants System'' (18-11-09)) and the Central Processing System
(CPS) (covered by the system of records titled ``Federal Student Aid
Application File'' (18-11-01)) via COD.
The EDMAPS system also receives enrollment records, including
program-level enrollment records, from NSLDS (covered by the system of
records titled ``National Student Loan Data System (NSLDS)'' (18-11-
06)) or any successor system.
The EDMAPS system receives origination and disbursement records on
Federal Pell Grants, ACGs, National SMART Grants, TEACH Grants, Iraq
and Afghanistan Service Grants, and Direct Loans; master promissory
note records; records of PLUS loan credit checks and credit appeals;
annual aggregated Federal Campus-Based Program (FWS, FSEOG, and Perkins
Loan) records from post-secondary institutions; consolidation loan
application records; repayment plan application records; and financial
literacy (entrance and exit) counseling records from COD (covered by
the systems of records titled ``Common Origination and Disbursement
(COD) System'' (18-11-02)) or any successor system.
In addition, the EDMAPS system receives aggregated guaranty agency
and lender financials, as well as lender, guaranty agency, and parent-
subsidiary organization lender reference data from FMS (covered by the
system of records titled ``Financial Management System (FMS)'' (18-11-
17)) or any successor system.
Further, the EDMAPS system receives records from PAS (covered by
the system of records titled ``Person Authentication Service (PAS)''
(18-11-12)) or any successor system, which covers aid applicants and
recipients
[[Page 56042]]
under title IV, HEA programs, the parents of aid applicants and
recipients under title IV, HEA programs, and PLUS loan endorsers who
apply for an FSA user ID and password
Upon request, approved EDMAPS users also receive reports from HEAL
(covered by the system of records titled ``Health Education Assistance
Loan (HEAL) Program'' (18-11-20)), which they upload into EDMAPS for
analytical and reporting purposes.
Moreover, the EDMAPS system receives borrower defense case records
and complaint, feedback, and fraud referral case records from CEMS
(covered by the system of records entitled ``Customer Engagement
Management System (CEMS)'' (18-11-11)) or its successor system.
Finally, the EDMAPS system may also obtain information from other
persons or entities from whom or from which information is obtained
following a disclosure under the routine uses set forth below.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The Department may disclose information contained in a record in
this system of records under the routine uses listed in this system of
records without the consent of the individual if the disclosure is
compatible with the purposes for which the record was collected. The
Department may make these disclosures on a case-by-case basis or, if
the Department has complied with the computer matching requirements of
the Privacy Act of 1974, as amended (Privacy Act), under a computer
matching agreement.
(1) Program Disclosures. The Department may disclose records from
this system of records for the following program purposes:
(a) To promote transparency, and the effective and efficient
administration, of title IV, HEA programs, the Department may disclose
records to guaranty agencies, educational institutions, financial
institutions, and Federal, State, Tribal, and local government
agencies;
(b) To detect, prevent, mitigate, and recoup improper payments in
title IV, HEA programs, the Department may disclose records to guaranty
agencies, educational institutions, financial institutions, and
Federal, State, Tribal, and local government agencies; and
(c) To support auditors and program reviewers in planning and
carrying out their assessments of title IV, HEA program compliance, the
Department may disclose records to guaranty agencies, educational
institutions, financial institutions and servicers, and Federal, State,
Tribal, and local government agencies; and
(d) To assist with the determination of eligibility for loan
discharges, the Department may disclose records to holders of loans
made under title IV of the HEA;.
(2) Congressional Member Disclosure. The Department may disclose
the records of an individual to a member of Congress or the member's
staff when necessary to respond to an inquiry from the member made at
the written request of that individual and on behalf of that
individual. The member's right to the information is no greater than
the right of the individual who requested it.
(3) Enforcement Disclosure. In the event that information in this
system of records indicates, either on its face or in connection with
other information, a violation or potential violation of any applicable
statute, regulation, or order of a competent authority, the Department
may disclose the relevant records to the appropriate government agency,
whether Federal, State, Tribal, or local, charged with investigating or
prosecuting that violation or charged with enforcing or implementing
the statute, regulation, or order issued pursuant thereto.
(4) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
(a) Introduction. In the event that one of the following parties
listed in subparagraphs (i) through (v) is involved in judicial or
administrative litigation or ADR, or has an interest in judicial or
administrative litigation or ADR, the Department may disclose certain
records from this system of records to the parties described in
paragraphs (b), (c), and (d) of this routine use under the conditions
specified in those paragraphs:
(i) The Department or any of its components;
(ii) Any Department employee in their official capacity;
(iii) Any Department employee in their individual capacity if the
U.S. Department of Justice (DOJ) has been requested to or has agreed to
provide or arrange for representation of the employee;
(iv) Any Department employee in their individual capacity when the
Department has agreed to represent the employee;
(v) The United States when the Department determines that the
litigation is likely to affect the Department or any of its components.
(b) Disclosure to DOJ. If the Department determines that disclosure
of certain records to DOJ is relevant and necessary to judicial or
administrative litigation or ADR, the Department may disclose those
records as a routine use to DOJ.
(c) Adjudicative Disclosure. If the Department determines that it
is relevant and necessary to judicial or administrative litigation or
ADR to disclose certain records from this system of records to an
adjudicative body before which the Department is authorized to appear
or to a person or an entity designated by the Department or otherwise
empowered to resolve or mediate disputes, the Department may disclose
those records as a routine use to the adjudicative body, person, or
entity.
(d) Disclosure to Parties, Counsel, Representatives, and Witnesses.
If the Department determines that disclosure of certain records to a
party, counsel, representative, or witness is relevant and necessary to
the judicial or administrative litigation or ADR, the Department may
disclose those records as a routine use to the party, counsel,
representative, or witness.
(5) Employment, Benefit, and Contracting Disclosure.
(a) For Decisions by the Department. The Department may disclose a
record from this system of records to a Federal, State, Tribal, or
local government agency maintaining civil, criminal, or other relevant
enforcement or other pertinent records, or to another public agency or
professional organization, if necessary to obtain information relevant
to a Department decision concerning the hiring or retention of an
employee or other personnel action; the issuance of a security
clearance; the letting of a contract; or the issuance of a license,
grant, or other benefit.
(b) For Decisions by Other Public Agencies and Professional
Organizations. The Department may disclose a record to a Federal,
State, Tribal, local, or other government or public agency or
professional organization, in connection with the hiring or retention
of an employee or other personnel action, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit, to the extent that the record is relevant and necessary to the
receiving entity's decision on the matter.
(6) Employee Grievance, Complaint, or Conduct Disclosure. If a
record is relevant and necessary to a grievance, complaint, or
disciplinary action involving a present or former employee of the
Department, the Department may disclose the record during
investigation, fact-finding, or adjudication to any party to the
grievance, complaint, or action; to
[[Page 56043]]
the party's counsel or representative; to a witness; or to a designated
fact finder, mediator, or other person designated to resolve issues or
decide the matter.
(7) Labor Organization Disclosure. The Department may disclose a
record to an arbitrator to resolve disputes under a negotiated
grievance procedure or to officials of a labor organization recognized
under 5 U.S.C. chapter 71 when relevant and necessary to their duties
of exclusive representation.
(8) Freedom of Information Act (FOIA) and Privacy Act Advice
Disclosure. The Department may disclose records to DOJ or the OMB if
the Department concludes that disclosure is desirable or necessary in
determining whether particular records are required to be disclosed
under the FOIA or the Privacy Act.
(9) Disclosure to DOJ. The Department may disclose records to DOJ
to the extent necessary for obtaining DOJ advice on any matter relevant
to an audit, inspection, or other inquiry related to the programs
covered by this system.
(10) Contract Disclosure. If the Department contracts with an
entity to perform any function that requires disclosure of records in
this system to employees of the contractor, the Department may disclose
the records to those employees. As part of such a contract, the
Department shall require the contractor to agree to establish and
maintain safeguards to protect the security and confidentiality of the
disclosed records.
(11) Research Disclosure. The Department may disclose records to a
federal researcher if the Department determines that the individual or
organization to which the disclosure would be made is qualified to
carry out specific research related to the functions or purposes of
this system of records. The Department may disclose records from this
system of records to that federal researcher solely for the purpose of
carrying out that research related to the functions or purposes of this
system of records. The federal researcher shall be required to agree to
establish and maintain safeguards to protect the security and
confidentiality of the disclosed records.
(12) Disclosure in the Course of Responding to a Breach of Data.
The Department may disclose records from this system of records to
appropriate agencies, entities, and persons when (a) the Department
suspects or has confirmed that there has been a breach of the system of
records; (b) the Department has determined that, as a result of the
suspected or confirmed breach, there is a risk of harm to individuals,
the Department (including its information systems, programs, and
operations), the Federal government, or national security; and (c) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with the Department's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
(13) Disclosure in Assisting Another Agency in Responding to a
Breach of Data. The Department may disclose records from this system to
another Federal agency or Federal entity, when the Department
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to
a suspected or confirmed breach, or (b) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
(14) Disclosure to the OMB and CBO for Federal Credit Reform Act
(FCRA) Support. The Department may disclose records to OMB and CBO as
necessary to fulfill FCRA requirements in accordance with 2 U.S.C.
661b, except for federal tax information, per 26 U.S.C. 6103.
(15) Disclosure to National Archives and Records Administration
(NARA). The Department may disclose records from this system of records
to NARA for the purpose of records management inspections conducted
under authority of 44 U.S.C. 2904 and 2906.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The Department electronically stores information at the AWS site
referenced in the foregoing section titled ``SYSTEM LOCATION.'' For
example, the Department electronically stores, for the entire Federal
Student Aid life cycle from application through loan payoff, student
and aid applicant demographic and title IV, HEA aid information such
as, but not limited to, FFEL program, FISL program, and Perkins loan
records on AWS site. The Department also stores electronic master
promissory notes, electronic Special Direct Consolidation Loan
opportunity applications and promissory notes, electronic requests to
repay a Direct Loan under an income-driven repayment plan, and Federal
Direct Consolidation Loan applications and promissory notes on AWS
site. Finally, data obtained from the paper promissory notes or the
paper loan discharge eligibility form are stored on hard disks at the
AWS site. (These are referred to as metadata and are used by the system
to link promissory notes or loan discharge eligibility form to aid
recipient.)
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
With some exceptions, the Department does not generally use the
EDMAPS system for the retrieval of individual records. However, system
administrators and a handful of privileged users are able to retrieve
records from the EDMAPS system by award ID, customer ID, borrower ID,
an individual's SSN, last name, first name, and date of birth. Further,
the Department uses the EDMAPS system to retrieve individual records to
process income eligibility information and other information about
income of aid recipients and to send it to Federal Loan Servicers for
the discharge of eligible student loans under the title IV, HEA
programs. Internal reports also provide a secure vehicle for approved
Department employees and Department contractor staff to access samples
of individual records, for example as part of performing program
reviews.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The Department has submitted a retention and disposition schedule
that covers the primary records contained in this system to NARA for
review. The Department will treat these records as ``permanent
records,'' as defined in 36 CFR 1220.18, until such time as a final
disposition is approved.
The EDMAPS system may also contain certain records that the
Department considers, on a case-by-case basis and with the approval of
the Agency Records Officer, to be covered by General Records Schedule
5.2, ``Transitory and Intermediary Records.''
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All users of the system will have a unique user ID with password.
In addition to the user ID and password, users must authenticate their
Personal Identity Verification (PIV) card to access the system, from
within either the Department's Network, the Department's Global Protect
Virtual Private Network (VPN), or the Department's vendor's AnyConnect
Cisco VPN. Users are required to change their password at least every
60 days in accordance with the Department's information technology
standards. All physical access to the information housed in the EDMAPS
system locations is controlled and monitored by
[[Page 56044]]
security personnel who check each individual entering the building for
their employee or visitor badge.
The computer system employed by the Department offers a high degree
of resistance to tampering and circumvention with firewalls,
encryption, and password protection. This security system limits data
access to Department and Department contractor staff on a ``need-to-
know'' basis and controls individual users' ability to access and alter
records within the system. All interactions by users of the system are
recorded. Users of the EDMAPS system do not see personally identifiable
information (PII), even when looking at individual records. EDMAPS
tokenizes PII, meaning that PII are swapped out for non-sensitive
random values. This does not prevent users of EDMAPS from joining
tables containing the same PII data element, because tokenization
ensures that the same non-sensitive value is swapped out in every table
that has that particular data element, for example SSN or date of
birth.
In accordance with the Federal Information Security Management Act
of 2002 (FISMA), as amended by the Federal Information Security
Modernization Act of 2014, every Department system must receive a
signed Authorization to Operate (ATO) from a designated Department
official. The ATO process includes a rigorous assessment of security
and privacy controls, a plan of actions and milestones to remediate any
identified deficiencies, and a continuous monitoring program.
FISMA controls implemented are comprised of a combination of
management, operational, and technical controls, and include the
following control families: access control, awareness and training,
audit and accountability, security assessment and authorization,
configuration management, contingency planning, identification and
authentication, incident response, maintenance, media protection,
physical and environmental protection, planning, personnel security,
privacy, risk assessment, system and services acquisition, system and
communications protection, system and information integrity, and
program management.
RECORD ACCESS PROCEDURES:
If you wish to gain access to a record regarding you in this system
of records, contact the system manager at the address listed above. You
must provide the system manager with the necessary particulars such as
your full, legal name, date of birth, address, and any other
identifying information requested by the Department while processing
the request in order to distinguish between individuals with the same
name. Requesters must also reasonably specify the record contents
sought. Your request must meet the requirements of the regulations at
34 CFR 5b.5, including proof of identity.
CONTESTING RECORD PROCEDURES:
If you wish to contest the content of your personal record within
the system of records, contact the system manager at the address listed
above and provide your full, legal name, date of birth, and SSN.
Identify the specific items to be changed and provide a written
justification for the change. Requests to amend a record must meet the
requirements in 34 CFR 5b.7.
NOTIFICATION PROCEDURES:
If you wish to determine whether a record exists regarding you in
the system of records, contact the system manager at the address listed
above. You must provide necessary particulars such as your full, legal
name, date of birth, address, and any other identifying information
requested by the Department while processing the request to distinguish
between individuals with the same name. Requests must meet the
requirements in 34 CFR 5b.5, including proof of identity.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2022-19886 Filed 9-12-22; 8:45 am]
BILLING CODE 4000-01-P
</pre></body>
</html>Indexed from Federal Register on September 13, 2022.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.