Education Dept. Blocks Loan Companies From Student Database

The Education Department has been criticized for not keeping better tabs on how student information is used, particularly by companies looking to market products and services to students and their families.

Larry Greenemeier, Contributor

April 18, 2007

3 Min Read
InformationWeek logo in a gray background | InformationWeek

The U.S. Department of Education on Tuesday temporarily shut down access to its National Student Loan Data System, a move that will prevent lenders, loan holders, and others from accessing this centralized database containing confidential information on millions of students and former students. The department made the call after observing a significant increase in database usage by lenders, loan holders, and others within the industry.

The Education Department has been criticized, by Sen. Edward Kennedy, D-Mass, and others for not keeping better tabs on how student information is used, particularly by companies looking to market products and services to students and their families. Kennedy is chairman of the Senate Health, Education, Labor and Pensions Committee. Education Secretary Margaret Spellings responded to this criticism Tuesday in a six-page letter to Kennedy in which she addressed the "numerous reports of alleged violations of Title IV program requirements, and most disturbingly, the public trust."

While access to the database is suspended, the department and its Office of Inspector General will review how the database is used to determine if they need to permanently cut off access to certain users. Loan borrowers and schools will continue to have access to the database during the review.

Since 2003, the department's Office of Federal Student Aid has invested more than $650,000 in improved system security and monitoring tools and processes to better protect student information, the letter says. This has led to the revocation of more than 52,000 user IDs, most of them taken away because they were no longer being used. The department also has revoked 261 user IDs due to suspicious activity, although it has not yet been determined that access was not authorized by the borrowers. Of these cases, 246 user IDs belonged to lenders, loan holders, guaranty agencies, and servicers, and 15 user IDs belonged to schools.

The National Student Loan Data System, or NSLDS, gets its information from schools, agencies that guaranty loans, the Direct Loan program, the Pell Grant program, and other Education Department programs. Spellings' letter points out that, "contrary to what has been reported, NSLDS does not provide access to e-mail addresses, phone numbers or any other addresses of borrowers."

The department has found that policing data access and authorized usage of its database is an ongoing process rather than an objective that can simply be accomplished. An April 2005 letter the department sent to database users reminded them that failure to comply with access and usage requirements may result in the organization or individual losing access to NSLDS. Violators could also face sanctions, including the limiting, suspension, or termination of access privileges.

To access the database, a user must enter a borrower's social security number, PIN, and other personal information, making the site "as secure as using an ATM," the Education Department says on its Web site, which also points out that federal privacy laws protect this information. "The only people who can access NSLDS are those individuals that need the information to calculate your future aid eligibility, or to resolve questions about your loans or grants on a need-to-know basis," according to the site.

The Department of Education slipped from a C- to an F in its most recent annual computer security report card, which is required under the 2002 Federal Information Security Management Act. Agencies are rated on annual tests of information security, whether they certify and accredit their systems as secure, how well they manage the configuration of their computers, how they detect and react to security breaches, their training programs, and the accuracy of their inventories.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights