Publication Date: April 2005
DCL ID: GEN-05-06
FP-05-04
Subject: Access To and Use of NSLDS Information
Summary: This letter reminds members of the financial aid community who have access to information contained in NSLDS that they are responsible for using their access properly and for protecting the sensitive data contained in the system.Posted on 04-11-2005
Dear Colleague:
The U.S. Department of Education's National Student Loan Data System (NSLDS) is a comprehensive database containing personal and financial information related to an individual's receipt of Federal student financial aid authorized under Title IV of the Higher Education Act of 1965, as amended. The data contained in NSLDS is confidential and is protected by the Privacy Act of 1974, as amended and other applicable statutes and regulations. Access to NSLDS by postsecondary educational institutions, organizations that participate in the Federal Family Education Loan (FFEL) Program, and other approved entities is made available only for the general purpose of assisting with determining the eligibility of an applicant for Federal student aid and in the collection of Federal student loans and grant overpayments. NSLDS information may not be used for any other purpose, including the marketing of student loans or other products.
Failure to comply with NSLDS access and use requirements, as described in this letter, may result in the organization or individual user losing access to NSLDS and/or being subject to sanctions, including, but not limited to, the initiation of a limitation, suspension, or termination action or a debarment proceeding against the postsecondary institution or FFEL participant. Additionally, institutional sanctions may apply to any organization that, by sharing its institutional or FFEL Program identifiers, has provided other entities or individuals the capability to access to NSLDS information. We are specifically troubled by the use of FFEL lender ID's by organizations only minimally related to the lender of record. Such organizations include collection agencies and loan brokerage or marketing firms.
Access to NSLDS information is granted to individuals whose specific job responsibilities include at least one of the activities listed below. These individuals must not use their access to NSLDS information for any other purpose.
Under Federal law, the Department is required to publish a Notice identifying the routine uses of records maintained in a Federal system of records like NSLDS. The Notice for NSLDS was published on December 27, 1999, 64 Fed. Reg. 72384, 72395-72397. That notice makes it clear that the Department can properly disclose information from records in NSLDS to persons who are authorized to receive the information only for specific purposes. The system Notice explains that lenders, loan holders and servicers can have access to NSLDS information for limited purposes, which include only the
following --
- Determining a specific student applicant's eligibility for Title IV student aid;
- Billing and collecting on a Title IV loan;
- Enforcing the terms of a Title IV loan;
- Billing and collecting on a Title IV grant overpayment;
- Submitting student enrollment information;
- Ensuring the accuracy of a financial aid or borrower record;
- Assisting with default aversion activities; and
- Obtaining default rate information.
Each organization whose employees are allowed access to NSLDS data is required to have a Destination Point Administrator (DPA) appointed by the organization's Chief Executive Officer (CEO) using a document that requires the signatures of both the DPA and the CEO. The DPA must not only monitor the use and access of NSLDS data by all of the organization's NSLDS users, but must also ensure users are aware of their responsibilities regarding access to NSLDS. The DPA must also de-activate a User-ID when the person to whom it was assigned is no longer with the organization or otherwise is no longer eligible to have access to NSLDS. Thus, all authorized NSLDS users in an organization, their DPA, and the organization's CEO are all personally responsible for prohibiting improper access to the NSLDS database or improper use of the data contained in and obtained from the NSLDS database.
Each NSLDS user is responsible for protecting his or her access to NSLDS and the data available. Each person who accesses NSLDS must use his or her own User-ID. That person is responsible for safeguarding the User-ID and password and must not allow any other person to use them. Access to the NSLDS Web site is limited to one borrower's record at a time by an individual user. Use of an automated tool to access borrowers' information or use of screen scraping technology for downloading data or pre-populating forms are prohibited. Further, sharing or providing data retrieved by an authorized person from NSLDS with persons or organizations who are not expressly authorized to receive that information for the purposes listed in the Systems Notice are also prohibited.
We are concerned that some organizations and individuals may not understand the requirements, as described in this letter, for access to and use of the private information contained in NSLDS. As noted above, access to NSLDS is restricted to the staff of an eligible Title IV participating postsecondary institution and to eligible FFEL lenders, lender servicers, and guaranty agencies. With exceptions not relevant here, no other persons or organizations can have access to NSLDS data. Federal laws and rules require the Department to take appropriate steps to ensure the confidentiality of records containing personal and confidential information. To meet this obligation, we regularly analyze NSLDS usage statistics to determine if security of the NSLDS system may be compromised and we have implemented an on-going daily monitoring of the system to track access usage. If, as result of these system activities or for any other reason, we believe that a user and/or an organization has violated the NSLDS access and use responsibilities we will discharge our duty under the Privacy Act by immediately, and without any advance notice or right to appeal, terminate that user's and organization's access to NSLDS. Additionally, depending upon the nature of the violation, we may initiate other sanctions against the organization, as noted above.
An eligible organization that allows unauthorized access to NSLDS will be considered to have violated its responsibilities and places itself at risk of losing access to NSLDS, to other Departmental systems and data, and to possible loss of eligibility to participate in the Title IV student aid programs. We urge all organizations to provide a copy of this letter to any of its staff who has access to NSLDS, to provide in its briefings and/or training sessions information on the importance of maintaining the privacy of NSLDS data, and to review its own policies, procedures, and agreements to ensure that it is in full compliance.
We look forward to working with our partner organizations to maintain both the usefulness of NSLDS data and the security of the information contained in NSLDS. If you have any questions on access to NSLDS information please contact NSLDS customer service at 1-800-999-8219.
Sincerely,
Matteo Fontana
General Manager, FSA Financial Partners Services