Education Dept. Blocks Loan Companies From Student Database - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Education Dept. Blocks Loan Companies From Student Database

The Education Department has been criticized for not keeping better tabs on how student information is used, particularly by companies looking to market products and services to students and their families.

The U.S. Department of Education on Tuesday temporarily shut down access to its National Student Loan Data System, a move that will prevent lenders, loan holders, and others from accessing this centralized database containing confidential information on millions of students and former students. The department made the call after observing a significant increase in database usage by lenders, loan holders, and others within the industry.

The Education Department has been criticized, by Sen. Edward Kennedy, D-Mass, and others for not keeping better tabs on how student information is used, particularly by companies looking to market products and services to students and their families. Kennedy is chairman of the Senate Health, Education, Labor and Pensions Committee. Education Secretary Margaret Spellings responded to this criticism Tuesday in a six-page letter to Kennedy in which she addressed the "numerous reports of alleged violations of Title IV program requirements, and most disturbingly, the public trust."

While access to the database is suspended, the department and its Office of Inspector General will review how the database is used to determine if they need to permanently cut off access to certain users. Loan borrowers and schools will continue to have access to the database during the review.

Since 2003, the department's Office of Federal Student Aid has invested more than $650,000 in improved system security and monitoring tools and processes to better protect student information, the letter says. This has led to the revocation of more than 52,000 user IDs, most of them taken away because they were no longer being used. The department also has revoked 261 user IDs due to suspicious activity, although it has not yet been determined that access was not authorized by the borrowers. Of these cases, 246 user IDs belonged to lenders, loan holders, guaranty agencies, and servicers, and 15 user IDs belonged to schools.

The National Student Loan Data System, or NSLDS, gets its information from schools, agencies that guaranty loans, the Direct Loan program, the Pell Grant program, and other Education Department programs. Spellings' letter points out that, "contrary to what has been reported, NSLDS does not provide access to e-mail addresses, phone numbers or any other addresses of borrowers."

The department has found that policing data access and authorized usage of its database is an ongoing process rather than an objective that can simply be accomplished. An April 2005 letter the department sent to database users reminded them that failure to comply with access and usage requirements may result in the organization or individual losing access to NSLDS. Violators could also face sanctions, including the limiting, suspension, or termination of access privileges.

To access the database, a user must enter a borrower's social security number, PIN, and other personal information, making the site "as secure as using an ATM," the Education Department says on its Web site, which also points out that federal privacy laws protect this information. "The only people who can access NSLDS are those individuals that need the information to calculate your future aid eligibility, or to resolve questions about your loans or grants on a need-to-know basis," according to the site.

The Department of Education slipped from a C- to an F in its most recent annual computer security report card, which is required under the 2002 Federal Information Security Management Act. Agencies are rated on annual tests of information security, whether they certify and accredit their systems as secure, how well they manage the configuration of their computers, how they detect and react to security breaches, their training programs, and the accuracy of their inventories.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll