“After
the disastrous rollout of Partner Connect 2.0 I hope the
Department has learned some lessons. Top in my mind is that it is
essential the the Dep of ED engage ALL their stakeholders
(institutions, TPSs, Guarantee Agencies, Loan servicers, etc.) in
testing PRIOR to the rollout of these updates. It is completely
unfair to stakeholders to have them do testing on a live systems
(as happened with moving the E-App into Partner Connect) when
they are trying to engage in essential functions.”
|
Thank
you for the comment. No changes have been made to this
information collection request related to this comment.
|
“Allowing
for more support to students who utilize federal financial aid,
including subsidized and unsubsidized loans, is never a bad idea.
The more support that a student has when it comes to repaying of
loans as well as how to best stay on time with payments as well
as catch up when you fall behind, the more chances they have to
keep their own finances afloat as a working adult. I can
personally appreciate all and any avenues of support for causes
of this nature.”
|
Thank
you for the comment. No changes have been made to this
information collection request related to this comment.
|
Access
authorization to FSA systems for the listed categories of
entities should come with a clause of relevance: e.g. if there
is no guaranty issues for a specific applicant or recipient of
aid, then guaranty services should not access that individual’s
information. An applicant’s submitted application should
be the indicator of relevance for the approached service to
access that applicant’s record. Likewise, the state is not
a party to a student’s applying for federal aid, so it
should not go into a student’s information. The Department
may send the state a bulk number of federal aid recipients
residing in that state. If the fed aid recipient applies for the
state ed aid, then the state can collect that applicant’s
personal details for eligibility processing. The FSA systems
should be used on a need-to-know basis.
Privacy
Impact Assessments for SAIG and PEPS were completed on March
2020 and November 2022 – both reflecting circumstances of
then-ongoing COVID-19 pandemic time, and are no longer
representative. Both assessments should be ran now to reflect
the accuracy of current, non-extreme circumstances.
In
the docket’s Q+A Supporting Statement, the procedure of
collecting entities’ users’ names, DOB, part of SSN,
and contract-promises of propriety is insufficient to protect
private information of applicants, students, and families. (The
text’s, “to protect privacy information contained in
the FSA systems,” is misleading.) Consequential punitive
measures need to be established for misuse and improper handling
of personal information from the FSA systems. A right to private
action should be expressly stated. (A great deal of financial,
employment, rental, and other prerequisites for social mobility
depend on the security of entries, and their accuracy, in this
database.)
The
applicants, students, or their parents – those whose
information gets submitted into FSA databases – should
have a right to, upon request, receive a disclosure of detailed
users’ accesses to their information along with the
purpose for accessing the information. There should be an option
of obtaining a printout of all information that is assigned to
the individual’s name or identifier (which may include
users’ notes and results of processing). This should be
provided by a single source, the US Department of Education,
through a request form. Partner Connect System and their net of
access-authorized entities, many of whom are private businesses,
are free to create own rules and obstacles to avoid disclosures
or upset their completeness. Also, a complaint procedure needs
to be established for the grievances of individuals-owners of
the information in the database(s). Q+A Supporting Statement’s
item 7 needs to be updated to require all users to retain all
records created by them related to individuals’ info for
the same amount of time as the IRS recommends people keep their
financial records. This is a way for individuals to evidence
fumbles caused by users of FSA systems to a third party.
Because
the Department chose to have FSA run through authorizing
thousands of users to access and use applicants’,
students’, and families’ information, it essentially
added conditions to receive federal program benefits –
this is outrageously exploitive. Therefore, the Department needs
to expend for information protection measures.
In
the interest of transparency, Department should not reserve the
right to designate other entities, including “private”,
for “re-disclos[ure] [any of student information,
including] student’s Free Application for Federal Student
Aid (FAFSA) filing status” through undisclosed additional
“written agreement[s]”. Rule making procedure
requires public review.
There
is no known way for an entity to prevent breaches of its
database.
Institutions
should not be directed to “use software developed by the
institution, or its vendor” (as it expands the number and
breach risk of databases with personal info of aid applicants),
instead of the Department’s provided unified, defined in
use and purpose one.
If
the cost of providing such software is prohibitive “to
protect Federal fiscal interests”, then the costly
transitioning to a new systems should not be undertaken. The
obviously efficient and economic way to provide federal
education aid is through a kiosk-style algorithm, processing
application form fields against eligibility criteria and sending
the resulting amount of aid to the school of attendance. Same
with loans.
Instead
of having the reliable student-oriented “Student Aid
internet Gateway (SAIG)” adjusted, the Department chose to
introduce a new, contractor-oriented “Partner Connect”
of many, including ambiguous “institutional third-party
servicers” that are essentially permitted to
self-regulate.
|
Thank
you for the commnet. Upon logging in to FSA Partner Connect,
users must read and acknowledge the Privacy
Act and Rules
of Behavior. The
Privacy Act
includes, “If you use an FSA system, you are explicitly
consenting to be bound by the [Privacy] Act's requirements and
acknowledge the possible criminal and civil penalties for
violation of the [Privacy] Act… Any officer or employee
of an agency, who by virtue of his employment or official
position, has possession of, or access to, agency records which
contain individually identifiable information the disclosure of
which is prohibited by this section or by rules or regulations
established there under, and who knowing that disclosure of the
specific material is so prohibited, willfully discloses the
material in any manner to any person or agency not entitled to
receive it, shall be guilty of a misdemeanor and fined not more
than $5,000.” The Rules
of Behavior
include, “Your User ID and password are for official
Department of Education business only. You are individually
responsible for ensuring that data/information obtained from FSA
systems is not used improperly… I further understand that
violation of these rules and responsibilities may be
prosecutable under local, State, and/or Federal law.” No
changes have been made to this information collection request
related to this comment.
Thank
you for the comment and request. Existing Privacy Impact
Assessments (PIAs) are updated when a system change creates new
privacy risks or to reflect changed information collection
authorities, business processes or other factors affecting the
collection and handling of information in identifiable form. As
stated in Item 10 below, PIAs for SAIG and PEPS were completed
on March 30, 2020 and November 3, 2022, respectively. The most
recent PIA for FSA Partner Connect was published on December 14,
2020. An updated PIA for FSA Partner Connect is in progress and
will be published on ed.gov
once approved/finalized. We have added this to Item 10 below.
Thank
you for the comment. No changes have been made to this
information collection request related to this comment.
Thank
you for the comment. The System of Records Notices (SORNs)
listed in Item 10 below include instructions for determining
whether a record exists regarding you in the system
(“Notification Procedures”) and contesting the
content of a record in the system pertaining to you (“Contesting
Record Procedures”). Additional information on system
record retention can be found in the SORNs listed in Item 10
below (“Policies and Practices for Retention and Disposal
of Records”). No changes have been made to this
information collection request related to this comment.
Thank
you for the comment. Information on the Department’s
information protection measures can be found in the System of
Records Notices (SORNs) and Privacy Impact Assessments (PIAs)
listed in Item 10 below. For institutions/organizations,
Authorizing Officials and/or their Designees must electronically
sign the Authorizing
Official Approval Form,
which includes information protection measures that the
institution/organization must adhere to. Users that gain access
to FSA Partner Connect must electronically sign the
Responsibilities
of FSA Partner Connect Users,
which includes information protection measures that the
individual must adhere to. No changes have been made to this
information collection request related to this comment.
Thank
you for the comment. No changes have been made to this
information collection request related to this comment.
Thank
you for the comment. The forms within this package (Authorizing
Official Approval Form,
Designation of
Authorizing Official Designee Form,
and Responsibilities
of FSA Partner Connect Users)
provide guidance to institutions/organizations on how to report
an unauthorized disclosure or breach of student applicant
information or other sensitive information (such as personally
identifiable information) to the Department. No changes have
been made to this information collection request related to this
comment.
Thank
you for the comment. No changes have been made to this
information collection request related to this comment.
Thank
you for the comment. No changes have been made to this
information collection request related to this comment.
Thank
you for the comment. Institutional Third-Party Servicers refer
to the entities or individuals that enter into a contract with
an institution and administer any aspect of an institution's
participation in the Title IV programs on behalf of an eligible
institution. No changes have been made to this information
request related to this comment.
|
The
old system of processing FERPA applications, SAIG, has worked for
a long time and should be continued as an option to the applicant
of federal aid.
Last
year, the trial version of FSA caused problems nationwide.
Malfunctions in unrolling any new product on a mass scale are
foreseeable. There was no safety net provided by ED to offset
this, and millions of phone calls for help from college-applying
families were ignored.
[https://www.gao.gov/products/gao-24-107407] The Congress rule to
simplify FAFSA form was to increase access to education.
Department’s choices in implementing the rule achieved the
opposite. Enrollment has decreased by 40% in Arizona alone
[https://kjzz.org/news/2024-06-11/fafsa-problems-have-been-felt-more-in-arizona-than-in-other-states]
and lower-income students and minorities were especially harmed.
(When
enrollment of poor enrollees decrease, it results in positive
statistics for the Department: poor enrollees represent a lower
rate of staying and graduating college. So without them, the rate
increases, suggesting improvement.)
Pacifying
user-applicants with the familiar interface of SAIG Mailboxes
(from the system that was reliable) as the access point, while
having the rest of processing and reporting done through Partner
Connect (the system that caused disasters) is misleading and
deceiving because it puts up a facade of reliability. The
department needs to illustrate that the cost-benefit analysis of
continuing with a proven-to-be-bad Partner Connect system is more
favorable to students’ completion of post-secondary
education than reverting to the working SAIG. Additionally, the
Department does not put forth any founded assurances that, going
forward, Partner Connect will function as intended.
For
those reasons, the Department needs to make available a safety
net, an alternative way to apply for federal education aid, to
ensure that it gets processed reliably. The dependable SAIG
system could be such alternative. This would fulfill the
Department’s duty that, “agency shall identify …
available alternatives to direct regulation, … providing
information upon which choices can be made by the public”.
It
is important that the burden of stress and expense to applicants’
families, time spent on ED’s non-working system, and the
the long-term impact on the applicant’s ability to make a
living be calculated, as it was a burden imposed upon society by
ED and its bad choices in implementing the Congress’s
directive, and in the absence of any failsafe - just as with this
proposal.
|
Thank
you for the comment. SAIG Mailboxes will remain as the access
point for electronically transmitting and receiving data. FSA
Partner Connect will be replacing the functions of managing
enrollment to access SAIG Mailboxes (fsawebenroll.ed.gov). No
changes have been made to this information collection request
related to this comment.
|