Privacy Act of 1974; System of Records-Office of Inspector General Data Analytics System, 61406-61412 [E8-24610]

Agencies

• DEPARTMENT OF EDUCATION

[Federal Register Volume 73, Number 201 (Thursday, October 16, 2008)]
[Notices]
[Pages 61406-61412]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-24610]


-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION


Privacy Act of 1974; System of Records--Office of Inspector 
General Data Analytics System

AGENCY: Office of the Inspector General, Department of Education.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the Department of Education (Department) publishes this 
notice of a new system of records entitled ``The Office of Inspector 
General Data Analytics System (ODAS)'' (System Number 18-10-02). This 
system will store individually identifying information from a variety 
of individuals who have applied for or received grants, contracts, 
loans, or payments from the Department.

DATES: The Department seeks comment on the new system of records 
described in this notice, in accordance with the requirements of the 
Privacy Act. We must receive your comments about the new system of 
records on or before November 17, 2008.
    The Department filed a report describing the new system of records 
covered by this notice with the Chair of the Senate Committee on 
Homeland Security and Governmental Affairs, the Chair of the House of 
Representatives Committee on Oversight and Government Reform, and the 
Administrator of the Office of Information and Regulatory Affairs, 
Office of Management and Budget (OMB) on October 9, 2008. TThis system 
of records will become effective at the later date of-- (1) the 
expiration of the 40-day period for OMB review on November 19, 2008 
unless OMB waives 10 days of the 40-day review period for compelling 
reasons shown by the Department, or (2) November 17, 2008, unless the 
system of records needs to be changed as a result of public comment or 
OMB review.

ADDRESSES: Address all comments about the new system of records to the 
Assistant Inspector General for Information Technology Audits and 
Computer Crime Investigations, Office of Inspector General, U.S. 
Department of Education, 400 Maryland Avenue, SW., Potomac Center Plaza 
(PCP), 8th Floor,

[[Page 61407]]

Washington, DC 20202-1510. If you prefer to send comments through the 
Internet, use the following address: comments@ed.gov
    You must include the term ``ODAS'' in the subject line of your 
electronic message.
    During and after the comment period, you may inspect all public 
comments about this notice at the U.S. Department of Education in the 
PCP, Room 8166, 500 12th Street, SW., Washington, DC 20024, between the 
hours of 8 a.m. and 4:30 p.m., Eastern time, Monday through Friday of 
each week except Federal holidays.

Assistance to Individuals With Disabilities in Reviewing the Rulemaking 
Record

    On request, we will supply an appropriate aid, such as a reader or 
print magnifier, to an individual with a disability who needs 
assistance to review the comments or other documents in the public 
rulemaking record for this notice. If you want to schedule an 
appointment for this type of aid, please contact the person listed 
under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Shelley Shepherd, Assistant Counsel to 
the Inspector General, 400 Maryland Ave., SW., PCP, Washington, DC 
20202. Telephone: (202) 245-7077.
    If you use a telecommunications device for the deaf (TDD), call the 
Federal Relay Service (FRS), toll free, at 1-800-877-8339.
    Individuals with disabilities can obtain this document in an 
alternative format (e.g., Braille, large print, audiotape, or computer 
diskette) on request to the contact person listed in the preceding 
paragraph.

SUPPLEMENTARY INFORMATION: 

Introduction

    The Privacy Act (5 U.S.C. 552a(e)(4)) requires the Department to 
publish in the Federal Register a notice of new system of records 
maintained by the Department. The Department's regulations implementing 
the Privacy Act are contained in the Code of Federal Regulations (CFR) 
in 34 CFR part 5b.
    The Privacy Act applies to information about an individual that is 
maintained in a system of records from which individually identifying 
information is retrieved by a unique identifier associated with each 
individual, such as a name or social security number. The information 
about each individual is called a ``record,'' and the system, whether 
manual or computer-driven, is called a ``system of records.'' The 
Privacy Act requires each agency to publish a system of records notice 
in the Federal Register and to submit reports to the Administrator of 
the Office of Information and Regulatory Affairs, OMB, the Chair of the 
House of Representatives Committee on Oversight and Government Reform, 
and the Chair of the Senate Committee on Homeland Security and 
Governmental Affairs, whenever the agency publishes a new or altered 
system of records.

Background of System of Records

    ODAS is a system of records that will store individually 
identifying information from a variety of individuals who have applied 
for or received grants, contracts, loans, or payments from the 
Department. These individuals include: Employees of the Department; 
consultants; contractors; grantees; advisory committee members or 
others who have received funds from the Department for performing 
services; students who have applied for Federal student financial 
assistance; Pell Grant recipients; borrowers of William D. Ford Federal 
Direct Loans, Federal Family Education loans, Federal Insured Student 
loans or Federal Perkins loans; owners, board members, officials, or 
authorized agents of postsecondary institutions; and individuals 
applying to the Department's Office of Federal Student Aid for a 
personal identification number.
    Information in this system will be obtained from the following 
systems of records maintained by the Department: Education's Central 
Automated Processing System (EDCAPS)(System Number 18-03-02); Federal 
Student Aid Application File (System Number 18-11-01); Recipient 
Financial Management System (the Department expects to amend this 
system soon and re-name it as the Common Origination and Disbursement 
System (COD)) (System Number 18-11-02); Title IV Program Files (System 
Number 18-11-05); National Student Loan Data System (NSLDS)(System 
Number 18-11-06); Student Financial Assistance Collection Files (System 
Number 18-11-07); Postsecondary Education Participants System 
(PEPS)(System Number 18-11-09); the Department of Education (ED) PIN 
(Personal Identification Number) (System Number 18-11-12); and the 
Student Authentication Network Audit File (System Number 18-11-13).
    This new system of records notice is being established because it 
will involve the new use of records covered by existing Department 
systems of records. This new system of records will be used to identify 
internal control weaknesses and to identify system issues to improve 
methods of data modeling and annual audit planning. This system will 
provide the Department's Office of Inspector General (OIG) with access 
to a single repository of data that currently resides in many, 
different Department systems of records. OIG will conduct data modeling 
on this data, using statistical and mathematical techniques, in order 
to predict anomalies indicating fraudulent activity.
    Under the Inspector General Act of 1978, as amended, 5 U.S.C. 
Appendix, Inspectors General, including the Department's Inspector 
General, are responsible for conducting, supervising, and coordinating 
audits and investigations, relating to programs and operations of the 
Federal agency for which their office is established. This system of 
records facilitates OIG's performance of this statutory duty.
    Pursuant to 5 U.S.C. 552a(k)(2), through rulemaking, may exempt 
from a limited number of Privacy Act requirements a system of records 
that contains investigatory materials compiled for law enforcement 
purposes. The materials in this system of records fall within the scope 
of section 552a(k)(2).
    Pursuant to 5 U.S.C. 552a(k)(2), the Secretary has issued final 
regulations published elsewhere in this issue of the Federal Register 
exempting the ODAS from the following Privacy Act requirements:
    5 U.S.C. 552a(c)(3)--access to accounting of disclosure.
    5 U.S.C. 552a(c)(4)--notification to outside parties and agencies 
of correction or notation of dispute made in accordance with 5 U.S.C. 
552a(d).
    5 U.S.C. 552a(d)(1) through (4) and (f)--procedures for 
notification or access to, and correction or amendment of, records.
    5 U.S.C. 552a(e)(1)--maintenance of only relevant and necessary 
information.
    5 U.S.C. 552a(e)(4)(G) and (H)--inclusion of information in the 
system of records notice regarding Department procedures on 
notification of, access to, correction of, and amendment of records.

Electronic Access to This Document

    You can view this document, as well as all other documents of this 
Department published in the Federal Register, in text or Adobe Portable 
Document Format (PDF) on the Internet at the following site: https://
www.ed.gov/news/fedregister.
    To use PDF you must have Adobe Acrobat Reader, which is available 
free at this site. If you have questions about using PDF, call the U.S. 
Government

[[Page 61408]]

Printing Office (GPO), toll free, at 1-888-293-6498; or in the 
Washington, DC, area at (202) 512-1530.

    Note: The official version of this document is the document 
published in the Federal Register. Free Internet access to the 
official edition of the Federal Register and the Code of Federal 
Regulations is available on GPO Access at: https://www.gpoaccess.gov/
nara/.


    Dated: October 10, 2008.
Mary Mitchelson,
Acting Inspector General.

    For the reasons discussed in the preamble, the Inspector General of 
the U.S. Department of Education (Department) publishes a notice of a 
new system of records to read as follows:
18-10-02

SYSTEM NAME:
    The Office of Inspector General Data Analytics System (ODAS).

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    The Office of Inspector General, Information Technology Audits and 
Computer Crimes Investigations (ITACCI), U.S. Department of Education, 
550 12th Street, SW., room 8089, Washington, DC 20024-6122.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system will include records on individuals that are obtained 
from the following other systems of records maintained by the 
Department:
    Education Central Automated Processing System (18-03-02)
    The categories of individuals included from this system are 
employees of the Department, consultants, contractors, grantees, 
advisory committee members, and other individuals receiving funds from 
the Department for performing services for the Department.
    Federal Student Aid Application File (18-11-01)
    The categories of individuals included from this system are 
students applying for Federal student financial assistance under Title 
IV of the Higher Education Act of 1965, as amended (HEA).
    Recipient Financial Management System (the Department soon expects 
to amend this system and re-name it as the Common Origination and 
Disbursement System (COD)) (18-11-02)
    The categories of individuals included from this system are records 
of individuals who apply for or receive a grant or loan which is made 
under (1) the Federal Pell Grant Program; (2) the Academic 
Competitiveness Grant (ACG) Program; (3) the National Science and 
Mathematics Access to Retain Talent Grant (National SMART Grant) 
Program; and (4) the William D. Ford Federal Direct Loan (Direct Loan) 
Program, Federal Direct Unsubsidized and Subsidized Stafford/Ford 
Loans, and Federal Direct PLUS Loans.
    Title IV Program Files (18-11-05)
    The categories of individuals included from this system are: 
individuals who apply for Federal financial student aid; recipients of 
Federal Pell Grants; recipients of Federal Direct Student Loans; and 
borrowers whose loan defaulted or borrower died, became disabled or had 
a loan discharged in bankruptcy under the Federal Direct Student Loan 
program.
    National Student Loan Data System (NSLDS) (18-11-06)
    The categories of individuals included from this system are:
    (1) Borrowers who have applied for and received loans under the 
William D. Ford Federal Direct Loan Program, the Federal Family 
Education Loan (FFEL) Program, the Federal Insured Student Loan (FISL) 
Program, and the Federal Perkins Loan Program (including National 
Defense Student Loans, National Direct Student Loans, Perkins Expanded 
Lending and Income Contingent Loans); and
    (2) Recipients of Federal Pell Grants and persons who owe an 
overpayment on a Federal Pell Grant, Federal Supplemental Educational 
Opportunity Grant or Federal Perkins Loans.
    Student Financial Assistance Collection Files (18-11-07)
    The categories of individuals included from this system are 
individuals who have student loans made under the FFEL Program: 
Stafford Loans (formerly the Guaranteed Student Loan Program (GSL), 
including Federally Insured Student Loans), Supplemental Loans for 
Students (SLS), PLUS Loans (formerly Parental Loans for Undergraduate 
Students), and Consolidation Loans; the William D. Ford Federal Direct 
Student Loan (Direct Loan) Program (formerly known as the Stafford/Ford 
Loan Program (SFLP), Federal Direct Unsubsidized Stafford/Ford Loan 
Program, Federal Direct Consolidation Loan, and Federal Direct Plus 
Loans; and Federal Perkins Loans (formerly known as National Direct/
Defense Student Loans (NDSL)) and those who are awarded grants under 
the Federal Pell Grant Program and the Supplemental Education 
Opportunity Grant Program (SEOG).
    Postsecondary Education Participants System (PEPS) (18-11-09)
    The categories of individuals included from this system are owners 
(individuals, either solely or as partners, and corporate entities), 
officials, and authorized agents of postsecondary institutions; members 
of boards of directors or trustees of such institutions; employees of 
foreign entities that evaluate the quality of education; third-party 
servicers, including contact persons.
    Department of Education (ED) PIN (Personal Identification Number) 
(18-11-12)
    The categories of individuals included from this system are former, 
current and prospective students and parents who apply for an ED PIN 
number. The ED PIN number is used for identification purposes when PIN 
holders access other Department systems, including the Free Application 
for Federal Student Aid (FAFSA), Access America and the Direct Loan 
Program.
    Student Authentication Network Audit File (18-11-13)
    The categories of individuals included from this system are 
individuals who have had, or attempted to have, their identity verified 
for the purpose of electronically completing and signing promissory 
notes and other documents in connection with applying for or obtaining 
aid, or carrying out other activities under the Student Financial 
Assistance Programs authorized by Title IV of the Higher Education Act 
of 1965, as amended.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system will include records that are obtained from the 
following other systems of records maintained by the Department:
    Education's Central Automated Processing System (18-03-02)
    The categories of records included from this system are 
individual's name, address, social security number, eligibility codes, 
detailed and summary obligation data, reports of expenditures, and 
grant management data, including application and close out information.
    Federal Student Aid Application File (18-11-01)
    The categories of records included from this system are the name, 
address, birth date, social security number, parents' and students' 
personal identification numbers assigned by the Department, and 
financial data necessary to identify applicants, verify applicant data, 
and calculate their expected family contributions for Federal student 
financial assistance. Also included from this system will be

[[Page 61409]]

information on the student's prior Federal Pell Grant awards and 
student loan status from the NSLDS database is maintained in the 
system. Finally, included from this system will be information from an 
individual's processed FAFSA form, such as Estimated Family 
Contribution, dependency status and post-secondary school identifier.
    Recipient Financial Management System (the Department expects to 
amend this system soon and re-name it as the Common Origination and 
Disbursement System (COD)) (18-11-02)
    The categories of records included from this system are records 
that are sent by institutions of higher education to the Department, 
and that include, but are not limited to, information such as an 
individual's social security number, birth date, name, address, e-mail 
address, driver's license number, telephone number, citizenship status, 
cost of attendance, enrollment information, type of financial aid 
award, and the amount and disbursement date of Federal financial aid 
awarded. In addition, this system contains collection referral amounts, 
loan repayment information, and promissory notes for loans made under 
the Federal Direct Loan program.
    Title IV Program Files (18-11-05)
    The categories of records included from this system are records 
regarding the amount of Pell Grant received; an applicant's demographic 
background; loan and education status; family income; social security 
number; address and telephone number; and employment information on 
borrowers and co-signers; default claim number; amount of claim; 
information pertaining to locating a borrower; collection and repayment 
history; information pertaining to the amount of the loan and repayment 
obligation; forbearance; cancellation; disability; and deferment 
information; and personal identification numbers assigned by the 
Department.
    National Student Loan Data System (NSLDS) (18-11-06)
    The categories of records included from this system are records 
regarding: (1) Student/borrower identifier information including social 
security number, date of birth and name; (2) the information on 
borrowers' loans covering the entire life cycle of a loan from 
origination through final payment, cancellation, discharge or other 
final disposition including details regarding each loan received by a 
student such as information on loan amounts, educational status, 
disbursements, balances, loan status, collections, claims, deferments, 
refunds and cancellations; (3) enrollment information including 
school(s) attended, anticipated completion date, enrollment status and 
effective dates; (4) student demographic information such as course of 
study, dependency, citizenship, gender, data on family income, expected 
family contribution, and address; (5) Federal Pell Grant amounts and 
dates; and (6) Federal Pell Grant, Federal Supplemental Educational 
Opportunity Grant, and Federal Perkins Loan Program overpayments.
    Student Financial Assistance Collection Files (18-11-07)
    The categories of records included from this system are records 
regarding an applicant's demographic background; loan, repayment 
history, and educational status; family income; social security number; 
address and telephone numbers; employment information on borrowers and 
co-signers; collection activity on accounts; default claim number; 
amount of claim; information pertaining to locating a borrower; 
collection and repayment obligation; forbearance; cancellation; 
disability; deferment; administrative wage garnishment; bankruptcy, 
death; closed school discharge; hearings; photocopy of all promissory 
notes; account collection records; administrative resolutions and 
litigations; and parents' and students' personal identification numbers 
assigned by the Department.
    Postsecondary Education Participants System (PEPS) (18-11-09)
    The categories of records included from this system are records 
regarding the eligibility, administrative capability, and financial 
responsibility of postsecondary institutions that participate in the 
student financial aid programs, including the names, taxpayer 
identification numbers (social security numbers), business addresses, 
and phone numbers of the individuals with substantial ownership 
interests in, or control over, those institutions, and personal 
identification numbers assigned by the Department.
    The Department of Education (ED) PIN (Personal Identification 
Number) Registration System (PIN) (18-11-12)
    The categories of records included from this system are name, 
social security number, date of birth and address of prospective 
students and parents who apply for an ED PIN number.
    Student Authentication Network Audit File (18-11-13)
    The categories of records included from this system are related to 
individuals seeking to have their identity verified for the purpose of 
electronically completing and signing promissory notes and other 
documents in connection with applying for or obtaining aid. Records 
include the individual's social security number; date of birth; first 
and last name; user code (i.e., the Department, lenders, schools, 
guarantee agencies and holders of Federal student loans) identifying 
the entity seeking to verify the individual's identity; data provided 
by the user that may subsequently be used for auditing or other 
internal purposes of the user); an action code documenting the 
``affirmed'' or ``denied'' verification response the system receives 
from the Department's PIN database; a unique identifier comprising a 
system-generated sequence number; and, the date and time the 
individual's identity is authenticated against the Department's PIN 
database.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Inspector General Act of 1978, as amended, (5 U.S.C. Appendix.

PURPOSE(S):
    This system of records is maintained for the general purpose of 
enabling OIG to fulfill the requirements of section (4)(a)(1) and (3) 
of the Inspector General Act of 1978, as amended, which requires OIG to 
provide policy direction for and to conduct, supervise, and coordinate 
audits and investigations relating to the programs and operations of 
the Department and to conduct, supervise and coordinate activities for 
the purpose of promoting economy and efficiency in the administration 
of, or preventing and detecting fraud and abuse in, the programs and 
operations of the Department. This system is maintained for the purpose 
of improving the efficiency, quality, and accuracy of existing data 
collected by the Department. Records in this system will be used to 
conduct data modeling for indications of fraud, abuse and internal 
control weaknesses concerning Department programs and operations. The 
result of that data modeling may be used in the conduct of audits, 
investigations, inspections or other activities as necessary to prevent 
and detect waste, fraud and abuse in Department programs and 
operations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES FOR SUCH USES:
    The Department may disclose information contained in a record in 
this system of records without the consent of the individual if the 
disclosure is compatible with the purpose for which the record was 
collected, under the following routine uses. OIG may make these 
disclosures

[[Page 61410]]

on a case-by-case basis or, if OIG has met the requirements of the 
Computer Matching and Privacy Protection Act of 1988, as amended, under 
a computer matching agreement.
    (1) Disclosure for Use by Other Law Enforcement Agencies. The 
Department may disclose information from this system of records as a 
routine use to any Federal, State, local, or foreign agency or other 
public authority responsible for enforcing, investigating, or 
prosecuting violations of administrative, civil, or criminal law or 
regulations if that information is relevant to any enforcement, 
regulatory, investigative, or prosecutorial responsibility of the 
receiving entity.
    (2) Disclosure to Public and Private Entities to Obtain Information 
Relevant to Department of Education Functions and Duties. The 
Department may disclose information from this system of records as a 
routine use to public or private sources to the extent necessary to 
obtain information from those sources relevant to an OIG investigation, 
audit, inspection, or other inquiry.
    (3) Disclosure for Use in Employment, Employee Benefit, Security 
Clearance, and Contracting Decisions.
    (a) For Decisions by the Department. The Department may disclose 
information from this system of records as a routine use to a Federal, 
State, local, or foreign agency maintaining civil, criminal, or other 
relevant enforcement or other pertinent records, or to another public 
authority or professional organization, if necessary to obtain 
information relevant to a Department decision concerning the hiring or 
retention of an employee or other personnel action, the issuance or 
retention of a security clearance, the letting of a contract, or the 
issuance or retention of a license, grant, or other benefit.
    (b) For Decisions by Other Public Agencies and Professional 
Organizations. The Department may disclose information from this system 
of records as a routine use to a Federal, State, local, or foreign 
agency, other public authority, or professional organization in 
connection with the hiring or retention of an employee or other 
personnel action, the issuance or retention of a security clearance, 
the letting of a contract, or the issuance or retention of a license, 
grant, or other benefit.
    (4) Disclosure to Public and Private Sources in Connection with the 
Higher Education Act of 1965, as Amended (HEA). The Department may 
disclose information from this system of records as a routine use to 
facilitate compliance with program requirements to any accrediting 
agency that is or was recognized by the Secretary of Education pursuant 
to the HEA; to any educational institution or school that is or was a 
party to an agreement with the Secretary of Education pursuant to the 
HEA; to any guaranty agency that is or was a party to an agreement with 
the Secretary of Education pursuant to the HEA; or to any agency that 
is or was charged with licensing or legally authorizing the operation 
of any educational institution or school that was eligible, is 
currently eligible, or may become eligible to participate in any 
program of Federal student assistance authorized by the HEA.
    (5) Litigation and Alternative Dispute Resolution (ADR) 
Disclosures.
    (a) Disclosure to the Department of Justice. If the disclosure of 
certain records to the Department of Justice (DOJ) is relevant and 
necessary to litigation or ADR and is compatible with the purpose for 
which the records were collected, the Department may disclose those 
records as a routine use to the DOJ. The Department may make such a 
disclosure in the event that one of the following parties is involved 
in the litigation or ADR or has an interest in the litigation or ADR:
    (i) The Department or any component of the Department;
    (ii) Any employee of the Department in his or her official 
capacity;
    (iii) Any Department employee in his or her individual capacity if 
the DOJ has been asked or has agreed to provide or arrange for 
representation for the employee;
    (iv) Any employee of the Department in his or her individual 
capacity if the Department has agreed to represent the employee or in 
connection with a request for that representation; or
    (v) The United States, if the Department determines that the 
litigation or ADR proceeding is likely to affect the Department or any 
of its components.
    (b) Other Litigation or ADR Disclosure. If disclosure of certain 
records to a court, adjudicative body before which the Department is 
authorized to appear, individual or entity designated by the Department 
or otherwise empowered to resolve disputes, counsel, or other 
representative, party, or potential witness is relevant and necessary 
to litigation or ADR and is compatible with the purpose for which the 
records were collected, the Department may disclose those records as a 
routine use to the court, adjudicative body, individual or entity, 
counsel or other representative, party, or potential witness. The 
Department may make such a disclosure in the event that one of the 
following parties is involved in the litigation or ADR or has an 
interest in the litigation or ADR:
    (i) The Department or any component of the Department;
    (ii) Any employee of the Department in his or her official 
capacity;
    (iii) Any Department employee in his or her individual capacity if 
the DOJ has been asked or has agreed to provide or arrange for 
representation for the employee;
    (iv) Any employee of the Department in his or her individual 
capacity if the Department has agreed to represent the employee; or
    (v) The United States, if the Department determines that the 
litigation or ADR is likely to affect the Department or any of its 
components.
    (6) Disclosure to Contractors and Consultants. The Department may 
disclose information from this system of records as a routine use to 
the employees of any entity or individual with whom or with which the 
Department contracts for the purpose of performing any functions or 
analyses that facilitate or are relevant to an OIG investigation, 
audit, inspection, or other inquiry. Before entering into such a 
contract, the Department must require the contractor to maintain 
Privacy Act safeguards, as required under 5 U.S.C. 552a(m) with respect 
to the records in the system.
    (7) Debarment and Suspension Disclosure. The Department may 
disclose information from this system of records as a routine use to 
another Federal agency considering suspension or debarment action if 
the information is relevant to the suspension or debarment action. The 
Department also may disclose information to any Federal, State, or 
local agency to gain information in support of the Department's own 
debarment and suspension actions.
    (8) Disclosure to the Department of Justice. The Department may 
disclose information from this system of records as a routine use to 
the DOJ to the extent necessary for obtaining the DOJ's advice on any 
matter relevant to Department of Education programs or operations.
    (9) Congressional Member Disclosure. The Department may disclose 
information from this system of records to a Member of Congress or to a 
congressional staff member in response to an inquiry from the 
congressional office made at the written request of the constituent 
about whom the record is maintained. The member's right to the 
information is no greater than the right of the individual who 
requested the inquiry.

[[Page 61411]]

    (10) Benefit Program Disclosure. The Department may disclose 
records as a routine use to any Federal, State, local, or foreign 
agency, or other public authority, if relevant to the prevention or 
detection of fraud and abuse in benefit programs administered by any 
agency or public authority.
    (11) Collection of Debts and Overpayment Disclosure. The Department 
may disclose records as a routine use to any Federal, State, local, or 
foreign agency, or other public authority, if relevant to the 
collection of debts or to overpayments owed to any agency or public 
authority.
    (12) Disclosure to the President's Council on Integrity and 
Efficiency (PCIE). The Department may disclose records as a routine use 
to members and employees of the PCIE for the preparation of reports to 
the President and Congress on the activities of the Inspectors General.
    (13) Disclosure for Qualitative Assessment Reviews. The Department 
may disclose records as a routine use to members of the PCIE, the DOJ, 
the U.S. Marshals Service, or any Federal agency for the purpose of 
conducting qualitative assessment reviews of the investigative or audit 
operations of the Department's OIG to ensure that adequate internal 
safeguards and management procedures are maintained.
    (14) Disclosure in the Course of Responding to Breach of Data. The 
Department may disclose records to appropriate agencies, entities, and 
persons when (a) it is suspected or confirmed that the security or 
confidentiality of information in this system has been compromised; (b) 
the Department has determined that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs (whether 
maintained by the Department or by another agency or entity) that rely 
upon the compromised information; and, (c) the disclosure is made to 
such agencies, entities, and persons who are reasonably necessary to 
assist the Department in responding to the suspected or confirmed 
compromise and in helping the Department prevent, minimize, or remedy 
such harm.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Not applicable to this system of records.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISCLOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    The records are maintained on encrypted magnetic disks and 
encrypted tape cartridges in a locked computer facility within the U.S. 
Department of Education's OIG.

RETRIEVABILITY:
    Records in this system of records are retrieved by name or other 
identifying information of an individual or institution.

SAFEGUARDS:
    Access to data in ODAS is restricted to authorized OIG staff 
members and is recorded in an access log. All physical access to the 
Department's site where this system of records is maintained is 
controlled and monitored by security personnel who check each 
individual entering the buildings for his or her employee or visitor 
badge. All data contained in the system of records are kept on a 
secured and restricted private network and stored in a combination-
locked computer laboratory. ODAS is housed within a secure and 
controlled computer lab. Access to the lab is by authorized OIG 
personnel only. The general public does not have access to ODAS.
    All information stored in this system is secured by using database 
encryption technology and is resistant to tampering and circumvention 
by unauthorized users. Access to data by all users will be monitored 
using both automated and manual controls. The information is accessed 
by OIG staff on a ``need-to-know'' and intended systems usage basis.
    OIG maintains ODAS in a secure and controlled facility. Access to 
the computer lab is by authorized OIG personnel only. The general 
public does not have access to ODAS. The information maintained in ODAS 
is secured in accordance with OMB M-03-22, OMB Guidance for 
Implementing the Privacy Provisions of the E-Government Act of 2002, 
September 26, 2003, the E-Government Act, Section 208, Attachment A, 
and NIST 800-53, Revision 1, Recommended Security Controls for Federal 
Information Systems, December 2006.
    Contractors will not maintain this system, but under certain 
limited circumstances they may have access to the system. In accordance 
with the Department's Administrative Communications System Directive 
OM: 5-101 entitled ``Contractor Employee Personnel Security 
Screenings,'' all Department personnel who have facility access and 
system access must undergo a security clearance investigation. 
Individuals requiring access to Privacy Act data are required to hold, 
at a minimum, a moderate-risk security clearance level. These 
individuals are required to undergo periodic screening at five-year 
intervals.
    In addition to conducting security clearances, individuals with 
access to this system are required to complete security awareness 
training on an annual basis. Annual security awareness training is 
required to ensure that users are appropriately trained in safeguarding 
Privacy Act data in accordance with OMB Circular No. A-130, Appendix 
III.
    The computer system employed by the Department offers a high degree 
of resistance to tampering and circumvention. All users of this system 
of records are given a unique user identification, and users are 
required to change their password at least every 90 days in accordance 
with the Department's information technology standards.

RETENTION AND DISPOSAL:
    Records are maintained and disposed of in accordance with the 
Department's Records Disposition Schedules applicable to the 
aforementioned records. A new records retention and disposition 
schedule is under development for this system of records. Until NARA 
approves a retention and disposition schedule for these records, The 
Department will not destroy any records.

SYSTEM MANAGER AND ADDRESS:
    Roland Wong, Director, Computer Assisted Assessment Techniques, 
Information Technology Audits and Computer Crimes Investigations, 
Department of Education, Office of Inspector General, 400 Maryland 
Avenue, SW., PCP, Washington, DC 20202-1510.

NOTIFICATION PROCEDURE:
    This system is exempt from the notification procedures in 5 U.S.C. 
552a(e)(4)(G) pursuant to 5 U.S.C. 552a(k)(2) and 34 CFR 5b.11(c)(1).

RECORD ACCESS PROCEDURE:
    This system is exempt from the record access procedures in 5 U.S.C. 
552a(e)(4)(H) pursuant to 5 U.S.C. 552a(k)(2) and 34 CFR 5b.11(c)(1).

CONTESTING RECORD PROCEDURE:
    This system is exempt from the contesting record procedures in 5 
U.S.C. 552a(e)(4)(H) pursuant to 5 U.S.C. 552a(k)(2) and 34 CFR 
5b.11(c)(1).

[[Page 61412]]

RECORD SOURCE CATEGORIES:
    This system contains records taken from the following Department 
systems: Education's Central Automated Processing System (EDCAPS) 
(System Number 18-03-02); Federal Student Aid Application File (System 
Number 18-11-01); Recipient Financial Management System (the Department 
expects to amend this system soon and re-name it as the Common 
Origination and Disbursement System (COD)) (System Number 18-11-02); 
Title IV Program Files (System Number 18-11-05); National Student Loan 
Data System (NSLDS) (System Number 18-11-06); Student Financial 
Assistance Collection Files (System Number 18-11-07); Postsecondary 
Education Participants System (PEPS) (System Number 18-11-09); The 
Department of Education (ED) PIN (Personal Identification Number) 
Registration System (System Number 18-11-12); and the Student 
Authentication Network Audit File (System Number 18-11-13).

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Pursuant to 5 U.S.C. 552a(k)(2), the Secretary, through rulemaking, 
may exempt from a limited number of Privacy Act requirements a system 
of records that contains investigatory materials compiled for law 
enforcement purposes. The materials in this system fall within the 
scope of section 552a(k)(2) because they are investigatory materials 
compiled for purposes of enforcing Federal legal requirements. 
Therefore, the Secretary has issued final regulations published 
elsewhere in this issue of the Federal Register exempting the ODAS from 
the following Privacy Act requirements:
    5 U.S.C. 552a(c)(3)--access to accounting of disclosure.
    5 U.S.C. 552a(c)(4)--notification to outside parties and agencies 
of correction or notation of dispute made in accordance with 5 U.S.C. 
552a(d).
    5 U.S.C. 552a(d)(1) through (4) and (f)--procedures for 
notification or access to, and correction or amendment of, records.
    5 U.S.C. 552a(e)(1)--maintenance of only relevant and necessary 
information.
    5 U.S.C. 552a(e)(4)(G) and (H)--inclusion of information in the 
system of records notice regarding Department procedures on 
notification of, access to, correction of, or amendment of records.

 [FR Doc. E8-24610 Filed 10-15-08; 8:45 am]
BILLING CODE 4000-01-P