Privacy

Major Laws and Publications Governing the Release of Student Data/Information

There are numerous federal laws that control the release of student data and the different laws impact the Office of Student Financial Aid’s (OSFA) use of this information in different ways, depending on the source of data and whether personally identifiable information (PII) (information that can be used to identify an individual, i.e., name, address, SSN, DOB, place of birth, any information that alone or in combination is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty) has been properly de-identified.

  1. Section 483(a)(3)(E) of the Higher Education Act(HEA) as amended specifically restricts the use of the Free Application for Federal Student Aid (FAFSA) data (including Award, estimated Cost of Attendance (COA), Expected Family Contribution (EFC) or financial need), and states that data collected on the FAFSA form shall be used only for the application, award, and administration of aid awarded under:
  • federal student aid programs,
  • state aid programs,
  • aid awarded by eligible institutions, and
  • such entities as the Department of Education (ED) may designate.

The only permissible method for most third parties to receive FAFSA information under HEA is directly from the student; OSFA cannot provide this information even with the student's written permission. However, appropriations legislation in 2018 and 2019[1] included amendments to this section of the HEA to allow institutions to share a student’s FAFSA data with scholarship-granting organizations and tribal organizations to assist with the application, awarding, or administration of scholarship programs (or for assisting the student in applying for assistance that would pay for items in a student’s official Title IV cost of attendance), but only if the student provides explicit written consent authorizing the release of such data.

  1. Section 485B(d)(2) of the HEA as amended also prohibits the use of NSLDS data for non-governmental research and marketing purposes.
  1. The Family Educational Rights and Privacy ACT (FERPA), 20 U.S.C. Section 1232g and 34 CFR Part 99 protects the privacy of students, in part by prohibiting postsecondary institutions from disclosing PII contained in education records to any third party – including the student’s parents –without the student’s written permissions.
  1. The Privacy Act, 5 U.S.C Section 552 governs the collection, maintenance, and use of records maintained by federal agencies and generally prohibits agencies from disclosing data contained in those records. The Privacy Act imposes restrictions on the University when a federal agency lawfully provides the University records to access to records.

  2. The Student Aid Internet Gateway (SAIG) Enrollment Agreement, requires the University to:
    • ensure that all users are aware of and comply with all of the requirements to protect and secure data from ED sources using SAIG; and to
    • report any suspected or actual data breaches

  3. The Gramm-Leach-Bliley Act (GBLA), 15 U.S.C. Section 6801 as well as the University’s Program Participation Agreement (PPA) states institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal Student Aid (FSA) programs authorized under Title IV of the HEA, as amended.

  4. The National Institute of Standards and Technology (NIST) Special Publication 800-171 identifies recommended requirements for ensuring the appropriate long-term security of certain Federal Controlled Unclassified Information (CUI) in the possession of institutions.

  5. ED’s Privacy Technical Assistance Center’s (PTAC) “Guidance on the Use of Financial Aid Information for Program Evaluation and Research” discusses the legal requirements and restrictions under these various Federal statutes and regulations.

 

[1] Fiscal Year 2018 Omnibus Appropriations Bill (P.L. 115-141) and Fiscal Year 2019 Labor-HHS Appropriations Bill (P.L. 115-245)