During your visit to the StudentLoans.gov Web site, our web operating system will record:
- The Internet domain for your Internet service, such as "xcompany.com" or "xcompany.net" if you use a private Internet access account, or "yourschool.edu" if you connect from a college or university domain.
- The type of browser (such as "Firefox version X" or "Internet Explorer version X") that you are using.
- The type of operating system that you use (such as Macintosh, Unix, or Windows).
- The date and time you visit our site, and the web pages that you visit on our site.
- The address of the previous web site you were visiting, if you linked to us from another web site.
After you login successfully to the StudentLoans.gov Web site, we use "cookies" to help you use our web sites interactively. A cookie is a small file that a web site transfers to your computer's hard disk to keep track of your session as you move from page to page while connected to that site.
These cookies collect no information about you, but only about your browser "session." The cookie makes it easier for you to use the dynamic features of these web pages, without having to provide the same information again as you move from one page to another. The cookie and the information about your session will be destroyed automatically shortly after you close your browser or click the logout button -- it is not permanently stored on your computer.
For security purposes and to make sure this service remains available to all users, we use special software programs for monitoring network traffic to identify unauthorized attempts to upload or change information, or otherwise to cause damage to this government computer system. These programs collect no personally identifiable information, but they do collect information that could help us identify someone attempting to tamper with this web site.
If you decide to send us an electronic mail message (e-mail), the message will usually contain your return e-mail address. If you include personally-identifying information in your e-mail because you want us to help you with a specific problem, we may use that information in contacting other federal agencies or our partners (such as colleges, lenders, or state agencies) about your student aid. In other limited circumstances, including requests from Congress or limited other parties, we may be required by law to disclose information that you submit.
Also, e-mail is not necessarily secure against interception. If your communication is very sensitive, or includes personal information such as data from your tax return or student loan account, you may prefer to send it by postal mail to:
If you have applied for federal student aid or have received a federal student loan, the Office of Federal Student Aid is authorized to maintain a record of all transactions related to your application or loan.
Review the System of Records notices, which list the authorized disclosures and the safeguards for Office of Federal Student Aid systems under the Privacy Act of 1974, as amended. The systems that apply specifically to loans that you receive under the Direct Loan Program are #18-11-05 called Title IV Program Files and #18-11-06 called National Student Loan Data System (NSLDS).
The fact that you have completed an electronic Master Promissory Note (MPN), Direct PLUS Loan Request or Entrance Counseling will be communicated to the school for which you are borrowing the money. The privacy of financial aid records (and admission, enrollment, and other records) kept by an educational institution is protected by the Family Educational Rights and Privacy Act. Click here to read the FERPA regulations.INTRODUCTION TO PRIVACY IMPACT ASSESSMENT
Section 208 of the E-Government Act of 2002 (P.L.107-347) requires FSA to complete a Privacy Impact Assessment for each new system that collects information from the public through the Internet.
During the Definition Phase of the FSA Solution Lifecycle, the System Security Officer must make sure that the team completes the attached Privacy Impact Assessment Questionnaire, must have it reviewed by the Chief Information Officer or equivalent official, and must file the completed form in the system's Security Notebook as part of the system's documentation. This Privacy Impact Assessment must also be made publicly available.Privacy Impact Assessment Questionnaire
System Name: Common Origination and Disbursement (COD)
System Owner: William Leith
System Manager: Nancy Hoover
System Security Officer: Don Dorsey
Privacy Impact Assessment Questionnaire Author: Don Dorsey
Officials and organizational components involved in the analysis and review of the Privacy Impact Assessment included the following: Department of Education Office of the Chief Information Officer, Federal Student Aid (FSA) CIO Computer Security Officer, and COD management, including the System Security Officer.
What information will be collected for the system (Ex. Name, Social Security Number, annual income, etc)?
- The COD system receives, processes and stores privacy act related data, such as names, social security numbers, current address, date of birth, place of birth, telephone numbers, and dollar amounts.
- The general public does not have access to COD.
Why is this information being collected?
The information is provided by the student applicants and the schools participating in the Title IV Higher Education Student Financial Aid Programs to enable the administration of the Federal Title IV grants and loans by the Department. The Title IV loans and grants are used by eligible students to attend those schools.
How will FSA use this information?
- FSA/COD uses this student-level detail to book loans, account for awarded grants and to enable the Department to reconcile school cash drawdowns from the Treasury to individual student disbursements.
- This information also is used to ensure the respective schools receive the appropriate amount of dollars during the respective time periods.
- Not routinely (This information can be made available for a civil or criminal law enforcement activity that is authorized by law, upon a written request by the agency).
- Extensive Privacy Act notices are posted at the web site of the Free Application for Federal Student Aid (http://www.fafsa.ed.gov). The basis for the data sent to COD by colleges is the FAFSA®, which is filled out by student applicants first. The FAFSA® is an OMB approved data collection instrument (OMB #1845-0001)
- All information is protected by a secure FSA ID or password and is monitored by automated and manual controls.
- COD is developed and maintained under a contract with Accenture, and is housed within a secure facility run under a subcontract with TSYS Inc., one of the largest credit card processors in the world.
- Interfacing ED systems are operated for the most part within FSA's Virtual Data Center (VDC), located in Plano, TX, which provides the respective security controls. The COD data is encrypted as it moves between COD system interfaces.
- System administrators outside of the VDC provide comparable security controls to protect the system and the information contained therein.
- A system of records notification has been submitted to update the previous system of record notification for the TEACH Program.