[Federal Register Volume 73, Number 201 (Thursday, October 16, 2008)]
[Notices]
[Pages 61406-61412]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-24610]
-----------------------------------------------------------------------
DEPARTMENT OF EDUCATION
Privacy Act of 1974; System of Records--Office of Inspector
General Data Analytics System
AGENCY: Office of the Inspector General, Department of Education.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended
(Privacy Act), the Department of Education (Department) publishes this
notice of a new system of records entitled ``The Office of Inspector
General Data Analytics System (ODAS)'' (System Number 18-10-02). This
system will store individually identifying information from a variety
of individuals who have applied for or received grants, contracts,
loans, or payments from the Department.
DATES: The Department seeks comment on the new system of records
described in this notice, in accordance with the requirements of the
Privacy Act. We must receive your comments about the new system of
records on or before November 17, 2008.
The Department filed a report describing the new system of records
covered by this notice with the Chair of the Senate Committee on
Homeland Security and Governmental Affairs, the Chair of the House of
Representatives Committee on Oversight and Government Reform, and the
Administrator of the Office of Information and Regulatory Affairs,
Office of Management and Budget (OMB) on October 9, 2008. TThis system
of records will become effective at the later date of-- (1) the
expiration of the 40-day period for OMB review on November 19, 2008
unless OMB waives 10 days of the 40-day review period for compelling
reasons shown by the Department, or (2) November 17, 2008, unless the
system of records needs to be changed as a result of public comment or
OMB review.
ADDRESSES: Address all comments about the new system of records to the
Assistant Inspector General for Information Technology Audits and
Computer Crime Investigations, Office of Inspector General, U.S.
Department of Education, 400 Maryland Avenue, SW., Potomac Center Plaza
(PCP), 8th Floor,
[[Page 61407]]
Washington, DC 20202-1510. If you prefer to send comments through the
Internet, use the following address: [email protected]
You must include the term ``ODAS'' in the subject line of your
electronic message.
During and after the comment period, you may inspect all public
comments about this notice at the U.S. Department of Education in the
PCP, Room 8166, 500 12th Street, SW., Washington, DC 20024, between the
hours of 8 a.m. and 4:30 p.m., Eastern time, Monday through Friday of
each week except Federal holidays.
Assistance to Individuals With Disabilities in Reviewing the Rulemaking
Record
On request, we will supply an appropriate aid, such as a reader or
print magnifier, to an individual with a disability who needs
assistance to review the comments or other documents in the public
rulemaking record for this notice. If you want to schedule an
appointment for this type of aid, please contact the person listed
under FOR FURTHER INFORMATION CONTACT.
FOR FURTHER INFORMATION CONTACT: Shelley Shepherd, Assistant Counsel to
the Inspector General, 400 Maryland Ave., SW., PCP, Washington, DC
20202. Telephone: (202) 245-7077.
If you use a telecommunications device for the deaf (TDD), call the
Federal Relay Service (FRS), toll free, at 1-800-877-8339.
Individuals with disabilities can obtain this document in an
alternative format (e.g., Braille, large print, audiotape, or computer
diskette) on request to the contact person listed in the preceding
paragraph.
SUPPLEMENTARY INFORMATION:
Introduction
The Privacy Act (5 U.S.C. 552a(e)(4)) requires the Department to
publish in the Federal Register a notice of new system of records
maintained by the Department. The Department's regulations implementing
the Privacy Act are contained in the Code of Federal Regulations (CFR)
in 34 CFR part 5b.
The Privacy Act applies to information about an individual that is
maintained in a system of records from which individually identifying
information is retrieved by a unique identifier associated with each
individual, such as a name or social security number. The information
about each individual is called a ``record,'' and the system, whether
manual or computer-driven, is called a ``system of records.'' The
Privacy Act requires each agency to publish a system of records notice
in the Federal Register and to submit reports to the Administrator of
the Office of Information and Regulatory Affairs, OMB, the Chair of the
House of Representatives Committee on Oversight and Government Reform,
and the Chair of the Senate Committee on Homeland Security and
Governmental Affairs, whenever the agency publishes a new or altered
system of records.
Background of System of Records
ODAS is a system of records that will store individually
identifying information from a variety of individuals who have applied
for or received grants, contracts, loans, or payments from the
Department. These individuals include: Employees of the Department;
consultants; contractors; grantees; advisory committee members or
others who have received funds from the Department for performing
services; students who have applied for Federal student financial
assistance; Pell Grant recipients; borrowers of William D. Ford Federal
Direct Loans, Federal Family Education loans, Federal Insured Student
loans or Federal Perkins loans; owners, board members, officials, or
authorized agents of postsecondary institutions; and individuals
applying to the Department's Office of Federal Student Aid for a
personal identification number.
Information in this system will be obtained from the following
systems of records maintained by the Department: Education's Central
Automated Processing System (EDCAPS)(System Number 18-03-02); Federal
Student Aid Application File (System Number 18-11-01); Recipient
Financial Management System (the Department expects to amend this
system soon and re-name it as the Common Origination and Disbursement
System (COD)) (System Number 18-11-02); Title IV Program Files (System
Number 18-11-05); National Student Loan Data System (NSLDS)(System
Number 18-11-06); Student Financial Assistance Collection Files (System
Number 18-11-07); Postsecondary Education Participants System
(PEPS)(System Number 18-11-09); the Department of Education (ED) PIN
(Personal Identification Number) (System Number 18-11-12); and the
Student Authentication Network Audit File (System Number 18-11-13).
This new system of records notice is being established because it
will involve the new use of records covered by existing Department
systems of records. This new system of records will be used to identify
internal control weaknesses and to identify system issues to improve
methods of data modeling and annual audit planning. This system will
provide the Department's Office of Inspector General (OIG) with access
to a single repository of data that currently resides in many,
different Department systems of records. OIG will conduct data modeling
on this data, using statistical and mathematical techniques, in order
to predict anomalies indicating fraudulent activity.
Under the Inspector General Act of 1978, as amended, 5 U.S.C.
Appendix, Inspectors General, including the Department's Inspector
General, are responsible for conducting, supervising, and coordinating
audits and investigations, relating to programs and operations of the
Federal agency for which their office is established. This system of
records facilitates OIG's performance of this statutory duty.
Pursuant to 5 U.S.C. 552a(k)(2), through rulemaking, may exempt
from a limited number of Privacy Act requirements a system of records
that contains investigatory materials compiled for law enforcement
purposes. The materials in this system of records fall within the scope
of section 552a(k)(2).
Pursuant to 5 U.S.C. 552a(k)(2), the Secretary has issued final
regulations published elsewhere in this issue of the Federal Register
exempting the ODAS from the following Privacy Act requirements:
5 U.S.C. 552a(c)(3)--access to accounting of disclosure.
5 U.S.C. 552a(c)(4)--notification to outside parties and agencies
of correction or notation of dispute made in accordance with 5 U.S.C.
552a(d).
5 U.S.C. 552a(d)(1) through (4) and (f)--procedures for
notification or access to, and correction or amendment of, records.
5 U.S.C. 552a(e)(1)--maintenance of only relevant and necessary
information.
5 U.S.C. 552a(e)(4)(G) and (H)--inclusion of information in the
system of records notice regarding Department procedures on
notification of, access to, correction of, and amendment of records.
Electronic Access to This Document
You can view this document, as well as all other documents of this
Department published in the Federal Register, in text or Adobe Portable
Document Format (PDF) on the Internet at the following site: http://www.ed.gov/news/fedregister.
To use PDF you must have Adobe Acrobat Reader, which is available
free at this site. If you have questions about using PDF, call the U.S.
Government
[[Page 61408]]
Printing Office (GPO), toll free, at 1-888-293-6498; or in the
Washington, DC, area at (202) 512-1530.
Note: The official version of this document is the document
published in the Federal Register. Free Internet access to the
official edition of the Federal Register and the Code of Federal
Regulations is available on GPO Access at: http://www.gpoaccess.gov/nara/index.html.
Dated: October 10, 2008.
Mary Mitchelson,
Acting Inspector General.
For the reasons discussed in the preamble, the Inspector General of
the U.S. Department of Education (Department) publishes a notice of a
new system of records to read as follows:
18-10-02
SYSTEM NAME:
The Office of Inspector General Data Analytics System (ODAS).
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
The Office of Inspector General, Information Technology Audits and
Computer Crimes Investigations (ITACCI), U.S. Department of Education,
550 12th Street, SW., room 8089, Washington, DC 20024-6122.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system will include records on individuals that are obtained
from the following other systems of records maintained by the
Department:
Education Central Automated Processing System (18-03-02)
The categories of individuals included from this system are
employees of the Department, consultants, contractors, grantees,
advisory committee members, and other individuals receiving funds from
the Department for performing services for the Department.
Federal Student Aid Application File (18-11-01)
The categories of individuals included from this system are
students applying for Federal student financial assistance under Title
IV of the Higher Education Act of 1965, as amended (HEA).
Recipient Financial Management System (the Department soon expects
to amend this system and re-name it as the Common Origination and
Disbursement System (COD)) (18-11-02)
The categories of individuals included from this system are records
of individuals who apply for or receive a grant or loan which is made
under (1) the Federal Pell Grant Program; (2) the Academic
Competitiveness Grant (ACG) Program; (3) the National Science and
Mathematics Access to Retain Talent Grant (National SMART Grant)
Program; and (4) the William D. Ford Federal Direct Loan (Direct Loan)
Program, Federal Direct Unsubsidized and Subsidized Stafford/Ford
Loans, and Federal Direct PLUS Loans.
Title IV Program Files (18-11-05)
The categories of individuals included from this system are:
individuals who apply for Federal financial student aid; recipients of
Federal Pell Grants; recipients of Federal Direct Student Loans; and
borrowers whose loan defaulted or borrower died, became disabled or had
a loan discharged in bankruptcy under the Federal Direct Student Loan
program.
National Student Loan Data System (NSLDS) (18-11-06)
The categories of individuals included from this system are:
(1) Borrowers who have applied for and received loans under the
William D. Ford Federal Direct Loan Program, the Federal Family
Education Loan (FFEL) Program, the Federal Insured Student Loan (FISL)
Program, and the Federal Perkins Loan Program (including National
Defense Student Loans, National Direct Student Loans, Perkins Expanded
Lending and Income Contingent Loans); and
(2) Recipients of Federal Pell Grants and persons who owe an
overpayment on a Federal Pell Grant, Federal Supplemental Educational
Opportunity Grant or Federal Perkins Loans.
Student Financial Assistance Collection Files (18-11-07)
The categories of individuals included from this system are
individuals who have student loans made under the FFEL Program:
Stafford Loans (formerly the Guaranteed Student Loan Program (GSL),
including Federally Insured Student Loans), Supplemental Loans for
Students (SLS), PLUS Loans (formerly Parental Loans for Undergraduate
Students), and Consolidation Loans; the William D. Ford Federal Direct
Student Loan (Direct Loan) Program (formerly known as the Stafford/Ford
Loan Program (SFLP), Federal Direct Unsubsidized Stafford/Ford Loan
Program, Federal Direct Consolidation Loan, and Federal Direct Plus
Loans; and Federal Perkins Loans (formerly known as National Direct/
Defense Student Loans (NDSL)) and those who are awarded grants under
the Federal Pell Grant Program and the Supplemental Education
Opportunity Grant Program (SEOG).
Postsecondary Education Participants System (PEPS) (18-11-09)
The categories of individuals included from this system are owners
(individuals, either solely or as partners, and corporate entities),
officials, and authorized agents of postsecondary institutions; members
of boards of directors or trustees of such institutions; employees of
foreign entities that evaluate the quality of education; third-party
servicers, including contact persons.
Department of Education (ED) PIN (Personal Identification Number)
(18-11-12)
The categories of individuals included from this system are former,
current and prospective students and parents who apply for an ED PIN
number. The ED PIN number is used for identification purposes when PIN
holders access other Department systems, including the Free Application
for Federal Student Aid (FAFSA), Access America and the Direct Loan
Program.
Student Authentication Network Audit File (18-11-13)
The categories of individuals included from this system are
individuals who have had, or attempted to have, their identity verified
for the purpose of electronically completing and signing promissory
notes and other documents in connection with applying for or obtaining
aid, or carrying out other activities under the Student Financial
Assistance Programs authorized by Title IV of the Higher Education Act
of 1965, as amended.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system will include records that are obtained from the
following other systems of records maintained by the Department:
Education's Central Automated Processing System (18-03-02)
The categories of records included from this system are
individual's name, address, social security number, eligibility codes,
detailed and summary obligation data, reports of expenditures, and
grant management data, including application and close out information.
Federal Student Aid Application File (18-11-01)
The categories of records included from this system are the name,
address, birth date, social security number, parents' and students'
personal identification numbers assigned by the Department, and
financial data necessary to identify applicants, verify applicant data,
and calculate their expected family contributions for Federal student
financial assistance. Also included from this system will be
[[Page 61409]]
information on the student's prior Federal Pell Grant awards and
student loan status from the NSLDS database is maintained in the
system. Finally, included from this system will be information from an
individual's processed FAFSA form, such as Estimated Family
Contribution, dependency status and post-secondary school identifier.
Recipient Financial Management System (the Department expects to
amend this system soon and re-name it as the Common Origination and
Disbursement System (COD)) (18-11-02)
The categories of records included from this system are records
that are sent by institutions of higher education to the Department,
and that include, but are not limited to, information such as an
individual's social security number, birth date, name, address, e-mail
address, driver's license number, telephone number, citizenship status,
cost of attendance, enrollment information, type of financial aid
award, and the amount and disbursement date of Federal financial aid
awarded. In addition, this system contains collection referral amounts,
loan repayment information, and promissory notes for loans made under
the Federal Direct Loan program.
Title IV Program Files (18-11-05)
The categories of records included from this system are records
regarding the amount of Pell Grant received; an applicant's demographic
background; loan and education status; family income; social security
number; address and telephone number; and employment information on
borrowers and co-signers; default claim number; amount of claim;
information pertaining to locating a borrower; collection and repayment
history; information pertaining to the amount of the loan and repayment
obligation; forbearance; cancellation; disability; and deferment
information; and personal identification numbers assigned by the
Department.
National Student Loan Data System (NSLDS) (18-11-06)
The categories of records included from this system are records
regarding: (1) Student/borrower identifier information including social
security number, date of birth and name; (2) the information on
borrowers' loans covering the entire life cycle of a loan from
origination through final payment, cancellation, discharge or other
final disposition including details regarding each loan received by a
student such as information on loan amounts, educational status,
disbursements, balances, loan status, collections, claims, deferments,
refunds and cancellations; (3) enrollment information including
school(s) attended, anticipated completion date, enrollment status and
effective dates; (4) student demographic information such as course of
study, dependency, citizenship, gender, data on family income, expected
family contribution, and address; (5) Federal Pell Grant amounts and
dates; and (6) Federal Pell Grant, Federal Supplemental Educational
Opportunity Grant, and Federal Perkins Loan Program overpayments.
Student Financial Assistance Collection Files (18-11-07)
The categories of records included from this system are records
regarding an applicant's demographic background; loan, repayment
history, and educational status; family income; social security number;
address and telephone numbers; employment information on borrowers and
co-signers; collection activity on accounts; default claim number;
amount of claim; information pertaining to locating a borrower;
collection and repayment obligation; forbearance; cancellation;
disability; deferment; administrative wage garnishment; bankruptcy,
death; closed school discharge; hearings; photocopy of all promissory
notes; account collection records; administrative resolutions and
litigations; and parents' and students' personal identification numbers
assigned by the Department.
Postsecondary Education Participants System (PEPS) (18-11-09)
The categories of records included from this system are records
regarding the eligibility, administrative capability, and financial
responsibility of postsecondary institutions that participate in the
student financial aid programs, including the names, taxpayer
identification numbers (social security numbers), business addresses,
and phone numbers of the individuals with substantial ownership
interests in, or control over, those institutions, and personal
identification numbers assigned by the Department.
The Department of Education (ED) PIN (Personal Identification
Number) Registration System (PIN) (18-11-12)
The categories of records included from this system are name,
social security number, date of birth and address of prospective
students and parents who apply for an ED PIN number.
Student Authentication Network Audit File (18-11-13)
The categories of records included from this system are related to
individuals seeking to have their identity verified for the purpose of
electronically completing and signing promissory notes and other
documents in connection with applying for or obtaining aid. Records
include the individual's social security number; date of birth; first
and last name; user code (i.e., the Department, lenders, schools,
guarantee agencies and holders of Federal student loans) identifying
the entity seeking to verify the individual's identity; data provided
by the user that may subsequently be used for auditing or other
internal purposes of the user); an action code documenting the
``affirmed'' or ``denied'' verification response the system receives
from the Department's PIN database; a unique identifier comprising a
system-generated sequence number; and, the date and time the
individual's identity is authenticated against the Department's PIN
database.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Inspector General Act of 1978, as amended, (5 U.S.C. Appendix.
PURPOSE(S):
This system of records is maintained for the general purpose of
enabling OIG to fulfill the requirements of section (4)(a)(1) and (3)
of the Inspector General Act of 1978, as amended, which requires OIG to
provide policy direction for and to conduct, supervise, and coordinate
audits and investigations relating to the programs and operations of
the Department and to conduct, supervise and coordinate activities for
the purpose of promoting economy and efficiency in the administration
of, or preventing and detecting fraud and abuse in, the programs and
operations of the Department. This system is maintained for the purpose
of improving the efficiency, quality, and accuracy of existing data
collected by the Department. Records in this system will be used to
conduct data modeling for indications of fraud, abuse and internal
control weaknesses concerning Department programs and operations. The
result of that data modeling may be used in the conduct of audits,
investigations, inspections or other activities as necessary to prevent
and detect waste, fraud and abuse in Department programs and
operations.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES FOR SUCH USES:
The Department may disclose information contained in a record in
this system of records without the consent of the individual if the
disclosure is compatible with the purpose for which the record was
collected, under the following routine uses. OIG may make these
disclosures
[[Page 61410]]
on a case-by-case basis or, if OIG has met the requirements of the
Computer Matching and Privacy Protection Act of 1988, as amended, under
a computer matching agreement.
(1) Disclosure for Use by Other Law Enforcement Agencies. The
Department may disclose information from this system of records as a
routine use to any Federal, State, local, or foreign agency or other
public authority responsible for enforcing, investigating, or
prosecuting violations of administrative, civil, or criminal law or
regulations if that information is relevant to any enforcement,
regulatory, investigative, or prosecutorial responsibility of the
receiving entity.
(2) Disclosure to Public and Private Entities to Obtain Information
Relevant to Department of Education Functions and Duties. The
Department may disclose information from this system of records as a
routine use to public or private sources to the extent necessary to
obtain information from those sources relevant to an OIG investigation,
audit, inspection, or other inquiry.
(3) Disclosure for Use in Employment, Employee Benefit, Security
Clearance, and Contracting Decisions.
(a) For Decisions by the Department. The Department may disclose
information from this system of records as a routine use to a Federal,
State, local, or foreign agency maintaining civil, criminal, or other
relevant enforcement or other pertinent records, or to another public
authority or professional organization, if necessary to obtain
information relevant to a Department decision concerning the hiring or
retention of an employee or other personnel action, the issuance or
retention of a security clearance, the letting of a contract, or the
issuance or retention of a license, grant, or other benefit.
(b) For Decisions by Other Public Agencies and Professional
Organizations. The Department may disclose information from this system
of records as a routine use to a Federal, State, local, or foreign
agency, other public authority, or professional organization in
connection with the hiring or retention of an employee or other
personnel action, the issuance or retention of a security clearance,
the letting of a contract, or the issuance or retention of a license,
grant, or other benefit.
(4) Disclosure to Public and Private Sources in Connection with the
Higher Education Act of 1965, as Amended (HEA). The Department may
disclose information from this system of records as a routine use to
facilitate compliance with program requirements to any accrediting
agency that is or was recognized by the Secretary of Education pursuant
to the HEA; to any educational institution or school that is or was a
party to an agreement with the Secretary of Education pursuant to the
HEA; to any guaranty agency that is or was a party to an agreement with
the Secretary of Education pursuant to the HEA; or to any agency that
is or was charged with licensing or legally authorizing the operation
of any educational institution or school that was eligible, is
currently eligible, or may become eligible to participate in any
program of Federal student assistance authorized by the HEA.
(5) Litigation and Alternative Dispute Resolution (ADR)
Disclosures.
(a) Disclosure to the Department of Justice. If the disclosure of
certain records to the Department of Justice (DOJ) is relevant and
necessary to litigation or ADR and is compatible with the purpose for
which the records were collected, the Department may disclose those
records as a routine use to the DOJ. The Department may make such a
disclosure in the event that one of the following parties is involved
in the litigation or ADR or has an interest in the litigation or ADR:
(i) The Department or any component of the Department;
(ii) Any employee of the Department in his or her official
capacity;
(iii) Any Department employee in his or her individual capacity if
the DOJ has been asked or has agreed to provide or arrange for
representation for the employee;
(iv) Any employee of the Department in his or her individual
capacity if the Department has agreed to represent the employee or in
connection with a request for that representation; or
(v) The United States, if the Department determines that the
litigation or ADR proceeding is likely to affect the Department or any
of its components.
(b) Other Litigation or ADR Disclosure. If disclosure of certain
records to a court, adjudicative body before which the Department is
authorized to appear, individual or entity designated by the Department
or otherwise empowered to resolve disputes, counsel, or other
representative, party, or potential witness is relevant and necessary
to litigation or ADR and is compatible with the purpose for which the
records were collected, the Department may disclose those records as a
routine use to the court, adjudicative body, individual or entity,
counsel or other representative, party, or potential witness. The
Department may make such a disclosure in the event that one of the
following parties is involved in the litigation or ADR or has an
interest in the litigation or ADR:
(i) The Department or any component of the Department;
(ii) Any employee of the Department in his or her official
capacity;
(iii) Any Department employee in his or her individual capacity if
the DOJ has been asked or has agreed to provide or arrange for
representation for the employee;
(iv) Any employee of the Department in his or her individual
capacity if the Department has agreed to represent the employee; or
(v) The United States, if the Department determines that the
litigation or ADR is likely to affect the Department or any of its
components.
(6) Disclosure to Contractors and Consultants. The Department may
disclose information from this system of records as a routine use to
the employees of any entity or individual with whom or with which the
Department contracts for the purpose of performing any functions or
analyses that facilitate or are relevant to an OIG investigation,
audit, inspection, or other inquiry. Before entering into such a
contract, the Department must require the contractor to maintain
Privacy Act safeguards, as required under 5 U.S.C. 552a(m) with respect
to the records in the system.
(7) Debarment and Suspension Disclosure. The Department may
disclose information from this system of records as a routine use to
another Federal agency considering suspension or debarment action if
the information is relevant to the suspension or debarment action. The
Department also may disclose information to any Federal, State, or
local agency to gain information in support of the Department's own
debarment and suspension actions.
(8) Disclosure to the Department of Justice. The Department may
disclose information from this system of records as a routine use to
the DOJ to the extent necessary for obtaining the DOJ's advice on any
matter relevant to Department of Education programs or operations.
(9) Congressional Member Disclosure. The Department may disclose
information from this system of records to a Member of Congress or to a
congressional staff member in response to an inquiry from the
congressional office made at the written request of the constituent
about whom the record is maintained. The member's right to the
information is no greater than the right of the individual who
requested the inquiry.
[[Page 61411]]
(10) Benefit Program Disclosure. The Department may disclose
records as a routine use to any Federal, State, local, or foreign
agency, or other public authority, if relevant to the prevention or
detection of fraud and abuse in benefit programs administered by any
agency or public authority.
(11) Collection of Debts and Overpayment Disclosure. The Department
may disclose records as a routine use to any Federal, State, local, or
foreign agency, or other public authority, if relevant to the
collection of debts or to overpayments owed to any agency or public
authority.
(12) Disclosure to the President's Council on Integrity and
Efficiency (PCIE). The Department may disclose records as a routine use
to members and employees of the PCIE for the preparation of reports to
the President and Congress on the activities of the Inspectors General.
(13) Disclosure for Qualitative Assessment Reviews. The Department
may disclose records as a routine use to members of the PCIE, the DOJ,
the U.S. Marshals Service, or any Federal agency for the purpose of
conducting qualitative assessment reviews of the investigative or audit
operations of the Department's OIG to ensure that adequate internal
safeguards and management procedures are maintained.
(14) Disclosure in the Course of Responding to Breach of Data. The
Department may disclose records to appropriate agencies, entities, and
persons when (a) it is suspected or confirmed that the security or
confidentiality of information in this system has been compromised; (b)
the Department has determined that as a result of the suspected or
confirmed compromise there is a risk of harm to economic or property
interests, identity theft or fraud, or harm to the security or
integrity of this system or other systems or programs (whether
maintained by the Department or by another agency or entity) that rely
upon the compromised information; and, (c) the disclosure is made to
such agencies, entities, and persons who are reasonably necessary to
assist the Department in responding to the suspected or confirmed
compromise and in helping the Department prevent, minimize, or remedy
such harm.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Not applicable to this system of records.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISCLOSING OF RECORDS IN THE SYSTEM:
STORAGE:
The records are maintained on encrypted magnetic disks and
encrypted tape cartridges in a locked computer facility within the U.S.
Department of Education's OIG.
RETRIEVABILITY:
Records in this system of records are retrieved by name or other
identifying information of an individual or institution.
SAFEGUARDS:
Access to data in ODAS is restricted to authorized OIG staff
members and is recorded in an access log. All physical access to the
Department's site where this system of records is maintained is
controlled and monitored by security personnel who check each
individual entering the buildings for his or her employee or visitor
badge. All data contained in the system of records are kept on a
secured and restricted private network and stored in a combination-
locked computer laboratory. ODAS is housed within a secure and
controlled computer lab. Access to the lab is by authorized OIG
personnel only. The general public does not have access to ODAS.
All information stored in this system is secured by using database
encryption technology and is resistant to tampering and circumvention
by unauthorized users. Access to data by all users will be monitored
using both automated and manual controls. The information is accessed
by OIG staff on a ``need-to-know'' and intended systems usage basis.
OIG maintains ODAS in a secure and controlled facility. Access to
the computer lab is by authorized OIG personnel only. The general
public does not have access to ODAS. The information maintained in ODAS
is secured in accordance with OMB M-03-22, OMB Guidance for
Implementing the Privacy Provisions of the E-Government Act of 2002,
September 26, 2003, the E-Government Act, Section 208, Attachment A,
and NIST 800-53, Revision 1, Recommended Security Controls for Federal
Information Systems, December 2006.
Contractors will not maintain this system, but under certain
limited circumstances they may have access to the system. In accordance
with the Department's Administrative Communications System Directive
OM: 5-101 entitled ``Contractor Employee Personnel Security
Screenings,'' all Department personnel who have facility access and
system access must undergo a security clearance investigation.
Individuals requiring access to Privacy Act data are required to hold,
at a minimum, a moderate-risk security clearance level. These
individuals are required to undergo periodic screening at five-year
intervals.
In addition to conducting security clearances, individuals with
access to this system are required to complete security awareness
training on an annual basis. Annual security awareness training is
required to ensure that users are appropriately trained in safeguarding
Privacy Act data in accordance with OMB Circular No. A-130, Appendix
III.
The computer system employed by the Department offers a high degree
of resistance to tampering and circumvention. All users of this system
of records are given a unique user identification, and users are
required to change their password at least every 90 days in accordance
with the Department's information technology standards.
RETENTION AND DISPOSAL:
Records are maintained and disposed of in accordance with the
Department's Records Disposition Schedules applicable to the
aforementioned records. A new records retention and disposition
schedule is under development for this system of records. Until NARA
approves a retention and disposition schedule for these records, The
Department will not destroy any records.
SYSTEM MANAGER AND ADDRESS:
Roland Wong, Director, Computer Assisted Assessment Techniques,
Information Technology Audits and Computer Crimes Investigations,
Department of Education, Office of Inspector General, 400 Maryland
Avenue, SW., PCP, Washington, DC 20202-1510.
NOTIFICATION PROCEDURE:
This system is exempt from the notification procedures in 5 U.S.C.
552a(e)(4)(G) pursuant to 5 U.S.C. 552a(k)(2) and 34 CFR 5b.11(c)(1).
RECORD ACCESS PROCEDURE:
This system is exempt from the record access procedures in 5 U.S.C.
552a(e)(4)(H) pursuant to 5 U.S.C. 552a(k)(2) and 34 CFR 5b.11(c)(1).
CONTESTING RECORD PROCEDURE:
This system is exempt from the contesting record procedures in 5
U.S.C. 552a(e)(4)(H) pursuant to 5 U.S.C. 552a(k)(2) and 34 CFR
5b.11(c)(1).
[[Page 61412]]
RECORD SOURCE CATEGORIES:
This system contains records taken from the following Department
systems: Education's Central Automated Processing System (EDCAPS)
(System Number 18-03-02); Federal Student Aid Application File (System
Number 18-11-01); Recipient Financial Management System (the Department
expects to amend this system soon and re-name it as the Common
Origination and Disbursement System (COD)) (System Number 18-11-02);
Title IV Program Files (System Number 18-11-05); National Student Loan
Data System (NSLDS) (System Number 18-11-06); Student Financial
Assistance Collection Files (System Number 18-11-07); Postsecondary
Education Participants System (PEPS) (System Number 18-11-09); The
Department of Education (ED) PIN (Personal Identification Number)
Registration System (System Number 18-11-12); and the Student
Authentication Network Audit File (System Number 18-11-13).
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(2), the Secretary, through rulemaking,
may exempt from a limited number of Privacy Act requirements a system
of records that contains investigatory materials compiled for law
enforcement purposes. The materials in this system fall within the
scope of section 552a(k)(2) because they are investigatory materials
compiled for purposes of enforcing Federal legal requirements.
Therefore, the Secretary has issued final regulations published
elsewhere in this issue of the Federal Register exempting the ODAS from
the following Privacy Act requirements:
5 U.S.C. 552a(c)(3)--access to accounting of disclosure.
5 U.S.C. 552a(c)(4)--notification to outside parties and agencies
of correction or notation of dispute made in accordance with 5 U.S.C.
552a(d).
5 U.S.C. 552a(d)(1) through (4) and (f)--procedures for
notification or access to, and correction or amendment of, records.
5 U.S.C. 552a(e)(1)--maintenance of only relevant and necessary
information.
5 U.S.C. 552a(e)(4)(G) and (H)--inclusion of information in the
system of records notice regarding Department procedures on
notification of, access to, correction of, or amendment of records.
[FR Doc. E8-24610 Filed 10-15-08; 8:45 am]
BILLING CODE 4000-01-P