Publication Date: April
2005
DCL ID: GEN-05-06
FP-05-04
Subject: Access To and
Use of NSLDS Information
Summary: This letter reminds
members of the financial aid community who have access to information contained
in NSLDS that they are responsible for using their access properly and for protecting
the sensitive data contained in the system.
Posted on 04-11-2005
Dear Colleague:
The U.S. Department of
Education's National Student Loan Data System (NSLDS) is a comprehensive database
containing personal and financial information related to an individual's receipt
of Federal student financial aid authorized under Title IV of the Higher Education
Act of 1965, as amended. The data contained in NSLDS is confidential and is
protected by the Privacy Act of 1974, as amended and other applicable statutes
and regulations. Access to NSLDS by postsecondary educational institutions,
organizations that participate in the Federal Family Education Loan (FFEL) Program,
and other approved entities is made available only for the general purpose of
assisting with determining the eligibility of an applicant for Federal student
aid and in the collection of Federal student loans and grant overpayments. NSLDS
information may not be used for any other purpose, including the marketing of
student loans or other products.
Failure to comply with
NSLDS access and use requirements, as described in this letter, may result in
the organization or individual user losing access to NSLDS and/or being subject
to sanctions, including, but not limited to, the initiation of a limitation,
suspension, or termination action or a debarment proceeding against the postsecondary
institution or FFEL participant. Additionally, institutional sanctions may apply
to any organization that, by sharing its institutional or FFEL Program identifiers,
has provided other entities or individuals the capability to access to NSLDS
information. We are specifically troubled by the use of FFEL lender ID's by
organizations only minimally related to the lender of record. Such organizations
include collection agencies and loan brokerage or marketing firms.
Access to NSLDS information
is granted to individuals whose specific job responsibilities include at least
one of the activities listed below. These individuals must not use their access
to NSLDS information for any other purpose.
Under Federal law, the
Department is required to publish a Notice identifying the routine uses of records
maintained in a Federal system of records like NSLDS. The Notice for NSLDS was
published on December 27, 1999, 64 Fed. Reg. 72384, 72395-72397.
That notice makes it clear that the Department can properly disclose information
from records in NSLDS to persons who are authorized to receive the information
only for specific purposes. The system Notice explains that lenders, loan holders
and servicers can have access to NSLDS information for limited purposes, which
include only the
following --
- Determining a specific
student applicant's eligibility for Title IV student aid;
- Billing and collecting
on a Title IV loan;
- Enforcing the terms
of a Title IV loan;
- Billing and collecting
on a Title IV grant overpayment;
- Submitting student enrollment
information;
- Ensuring the accuracy
of a financial aid or borrower record;
- Assisting with default
aversion activities; and
- Obtaining default rate
information.
Each organization whose
employees are allowed access to NSLDS data is required to have a Destination
Point Administrator (DPA) appointed by the organization's Chief Executive Officer
(CEO) using a document that requires the signatures of both the DPA and the
CEO. The DPA must not only monitor the use and access of NSLDS data by all of
the organization's NSLDS users, but must also ensure users are aware of their
responsibilities regarding access to NSLDS. The DPA must also de-activate a
User-ID when the person to whom it was assigned is no longer with the organization
or otherwise is no longer eligible to have access to NSLDS. Thus, all authorized
NSLDS users in an organization, their DPA, and the organization's CEO are all
personally responsible for prohibiting improper access to the NSLDS database
or improper use of the data contained in and obtained from the NSLDS database.
Each NSLDS user is responsible
for protecting his or her access to NSLDS and the data available. Each person
who accesses NSLDS must use his or her own User-ID. That person is responsible
for safeguarding the User-ID and password and must not allow any other person
to use them. Access to the NSLDS Web site is limited to one borrower's record
at a time by an individual user. Use of an automated tool to access borrowers'
information or use of screen scraping technology for downloading data or pre-populating
forms are prohibited. Further, sharing or providing data retrieved by an authorized
person from NSLDS with persons or organizations who are not expressly authorized
to receive that information for the purposes listed in the Systems Notice are
also prohibited.
We are concerned that some
organizations and individuals may not understand the requirements, as described
in this letter, for access to and use of the private information contained in
NSLDS. As noted above, access to NSLDS is restricted to the staff of an eligible
Title IV participating postsecondary institution and to eligible FFEL lenders,
lender servicers, and guaranty agencies. With exceptions not relevant here,
no other persons or organizations can have access to NSLDS data. Federal laws
and rules require the Department to take appropriate steps to ensure the confidentiality
of records containing personal and confidential information. To meet this obligation,
we regularly analyze NSLDS usage statistics to determine if security of the
NSLDS system may be compromised and we have implemented an on-going daily monitoring
of the system to track access usage. If, as result of these system activities
or for any other reason, we believe that a user and/or an organization has violated
the NSLDS access and use responsibilities we will discharge our duty under the
Privacy Act by immediately, and without any advance notice or right to appeal,
terminate that user's and organization's access to NSLDS. Additionally, depending
upon the nature of the violation, we may initiate other sanctions against the
organization, as noted above.
An eligible organization
that allows unauthorized access to NSLDS will be considered to have violated
its responsibilities and places itself at risk of losing access to NSLDS, to
other Departmental systems and data, and to possible loss of eligibility to
participate in the Title IV student aid programs. We urge all organizations
to provide a copy of this letter to any of its staff who has access to NSLDS,
to provide in its briefings and/or training sessions information on the importance
of maintaining the privacy of NSLDS data, and to review its own policies, procedures,
and agreements to ensure that it is in full compliance.
We look forward to working
with our partner organizations to maintain both the usefulness of NSLDS data
and the security of the information contained in NSLDS. If you have any questions
on access to NSLDS information please contact NSLDS customer service at 1-800-999-8219.
Sincerely,
Matteo Fontana
General Manager, FSA Financial Partners Services
Attachments/Enclosures:
GEN-05-06;
FP-05-04: Access To and Use of NSLDS Information in PDF Format, 3.6MB, 3 pages
