Office of Federal Student Aid · U.S. Department of Education
We collect no personal information about you unless you choose to provide that information to us. When we do collect information about you, we only collect the information we need to provide you or someone in your family student financial assistance. We share the information you provide us only with those who are authorized to see it, under Federal law.
Non-personal Information · Cookies · Security & Intrusion Detection · Information from E-mails · Loan-Related Information Collected · Privacy of Other Records
During your visit to the StudentLoans.gov Web site, our web operating system will record:
- The Internet domain for your Internet service, such as "xcompany.com" or "xcompany.net" if you use a private Internet access account, or "yourschool.edu" if you connect from a college or university domain.
- The type of browser (such as "Firefox version X" or "Internet Explorer version X") that you are using.
- The type of operating system that you use (such as Macintosh, Unix, or Windows).
- The date and time you visit our site, and the web pages that you visit on our site.
- The address of the previous web site you were visiting, if you linked to us from another web site.
We use this information for statistical analysis. This tracking system does not record information about individual visitors.
After you login successfully to the StudentLoans.gov Web site, we use "cookies" to help you use our web sites interactively. A cookie is a small file that a web site transfers to your computer's hard disk to keep track of your session as you move from page to page while connected to that site.
These cookies collect no information about you, but only about your browser "session." The cookie makes it easier for you to use the dynamic features of these web pages, without having to provide the same information again as you move from one page to another. The cookie and the information about your session will be destroyed automatically shortly after you close your browser or click the logout button -- it is not permanently stored on your computer.
For security purposes and to make sure this service remains available to all users, we use special software programs for monitoring network traffic to identify unauthorized attempts to upload or change information, or otherwise to cause damage to this government computer system. These programs collect no personally identifiable information, but they do collect information that could help us identify someone attempting to tamper with this web site.
Except for authorized law enforcement investigations, we make no other attempts to identify individual users or their usage habits. We only use raw monitoring data logs for determining trends in usage patterns and in diagnosing system problems.
If you decide to send us an electronic mail message (e-mail), the message will usually contain your return e-mail address. If you include personally-identifying information in your e-mail because you want us to help you with a specific problem, we may use that information in contacting other federal agencies or our partners (such as colleges, lenders, or state agencies) about your student aid. In other limited circumstances, including requests from Congress or limited other parties, we may be required by law to disclose information that you submit.
Also, e-mail is not necessarily secure against interception. If your communication is very sensitive, or includes personal information such as data from your tax return or student loan account, you may prefer to send it by postal mail to:
Office of Federal Student Aid
P.O. Box 84
Washington, DC 20044-0084
All the information provided (your driver's license number, the name and addresses of references, etc.) is protected, once it is submitted.
If you have applied for federal student aid or have received a federal student loan, the Office of Federal Student Aid is authorized to maintain a record of all transactions related to your application or loan.
Review the System of Records notices, which list the authorized disclosures and the safeguards for Office of Federal Student Aid systems under the Privacy Act of 1974, as amended. The systems that apply specifically to loans that you receive under the Direct Loan Program are #18-11-05 called Title IV Program Files and #18-11-06 called National Student Loan Data System (NSLDS).
The fact that you have completed an electronic Master Promissory Note (MPN), Direct PLUS Loan Request or Entrance Counseling will be communicated to the school for which you are borrowing the money. The privacy of financial aid records (and admission, enrollment, and other records) kept by an educational institution is protected by the Family Educational Rights and Privacy Act. Click here to read the FERPA regulations. INTRODUCTION TO PRIVACY IMPACT ASSESSMENT
Section 208 of the E-Government Act of 2002 (P.L.107-347) requires FSA to complete a Privacy Impact Assessment for each new system that collects information from the public through the Internet.
During the Definition Phase of the FSA Solution Lifecycle, the System Security Officer must make sure that the team completes the attached Privacy Impact Assessment Questionnaire, must have it reviewed by the Chief Information Officer or equivalent official, and must file the completed form in the system's Security Notebook as part of the system's documentation. This Privacy Impact Assessment must also be made publicly available.Privacy Impact Assessment Questionnaire
System Name: Common Origination and Disbursement (COD)
System Owner: William Leith
System Manager: Lisa DiCarlo
System Security Officer: Don Dorsey
Privacy Impact Assessment Questionnaire Author: Don Dorsey
Officials and organizational components involved in the analysis and review of the Privacy Impact Assessment included the following: Department of Education Office of the Chief Information Officer, Federal Student Aid (FSA) CIO Computer Security Officer, and COD management, including the System Security Officer.
- What information will be collected for the system (Ex. Name, Social Security Number, annual income, etc)?
- The COD system receives, processes and stores privacy act related data, such as names, social security numbers, current address, date of birth, place of birth, telephone numbers, and dollar amounts.
- The general public does not have access to COD.
- Why is this information being collected?
The information is provided by the student applicants and the schools participating in the Title IV Higher Education Student Financial Aid Programs to enable the administration of the Federal Title IV grants and loans by the Department. The Title IV loans and grants are used by eligible students to attend those schools.
- How will FSA use this information?
- FSA/COD uses this student-level detail to book loans, account for awarded grants and to enable the Department to reconcile school cash drawdowns from the Treasury to individual student disbursements.
- This information also is used to ensure the respective schools receive the appropriate amount of dollars during the respective time periods.
- Will this information be shared with any other agency? If so, with which agency or agencies?
- Not routinely (This information can be made available for a civil or criminal law enforcement activity that is authorized by law, upon a written request by the agency).
- Describe the notice or opportunities for consent would be/ or are provided to individuals about what information is collected and how that information is shared with others organizations. (e.g., posted Privacy Notice)
- Extensive Privacy Act notices are posted at the web site of the Free Application for Federal Student Aid (http://www.fafsa.ed.gov). The basis for the data sent to COD by colleges is the FAFSA, which is filled out by student applicants first. The FAFSA is an OMB approved data collection instrument (OMB #1845-0001)
- How will the information be secured?
- All information is protected by a PIN or password and is monitored by automated and manual controls.
- COD is developed and maintained under a contract with Accenture, and is housed within a secure facility run under a subcontract with TSYS Inc., one of the largest credit card processors in the world.
- Interfacing ED systems are operated for the most part within FSA's Virtual Data Center (VDC), located in Meriden, CT, which provides the respective security controls. The COD data is encrypted as it moves between COD system interfaces.
- System administrators outside of the VDC provide comparable security controls to protect the system and the information contained therein.
- Is a system of records being created or updated with the collection of this information? (A system of record is created when information can be retrieved from the system by the name of the individual or an identifying number, symbol or other identifying particular assigned to an individual. Also, in responding to this question a helpful reference may be to the system's System of Record organization step completed in the Definition phase of the Solution Lifecycle process.)
- A system of records notification has been submitted to update the previous system of record notification for the TEACH Program.