Privacy Act of 1974; System of Records, 56038-56044 [2022-19886]

Agencies

• DEPARTMENT OF EDUCATION

[Federal Register Volume 87, Number 176 (Tuesday, September 13, 2022)]
[Notices]
[Pages 56038-56044]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-19886]



[[Page 56038]]

-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION

[Docket ID ED-2022-FSA-0108]


Privacy Act of 1974; System of Records

AGENCY: Federal Student Aid, U.S. Department of Education.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act) (5 U.S.C. 552a), the U.S. Department of Education 
(Department) publishes this notice of a new system of records titled 
``Enterprise Data Management and Analytics Platform Services (EDMAPS)'' 
(18-11-22). The EDMAPS system is a data analytics platform that ingests 
data from multiple Federal Student Aid (FSA) systems of records to 
perform big-data analytics on FSA data in one common location, produce 
reports and statistical models, and serve as a centralized repository 
of information about FSA customers across the full student aid life 
cycle.

DATES: Submit your comments on this new system of records notice on or 
before October 13, 2022.
    This new system of records will become effective upon publication 
in the Federal Register on September 13, 2022, unless it needs to be 
changed as a result of public comment, except for the routine uses. The 
routine uses, listed in the section titled ``ROUTINE USES OF RECORDS 
MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF 
SUCH USES,'' will become effective on October 13, 2022, unless they 
need to be changed as a result of public comment. The Department will 
publish any significant changes to the new system of records notice or 
routine uses resulting from public comment.

ADDRESSES: Comments must be submitted via the Federal eRulemaking 
Portal at regulations.gov. However, if you require an accommodation or 
cannot otherwise submit your comments via regulations.gov, please 
contact the program contact person listed under FOR FURTHER INFORMATION 
CONTACT. The Department will not accept comments submitted by fax or by 
email or those submitted after the comment period. To ensure that we do 
not receive duplicate copies, please submit your comments only once. In 
addition, please include the Docket ID at the top of your comments.
    Federal eRulemaking Portal: Go to www.regulations.gov to submit 
your comments electronically. Information on using Regulations.gov, 
including instructions for accessing agency documents, submitting 
comments, and viewing the docket, is available on the site under the 
``help'' tab.
    Privacy Note: The Department's policy is to make all comments 
received from members of the public available for public viewing in 
their entirety on the Federal eRulemaking Portal at 
www.regulations.gov. Therefore, commenters should be careful to include 
in their comments only information that they wish to make publicly 
available.
    Assistance to Individuals With Disabilities in Reviewing the 
Rulemaking Record: On request, we will supply an appropriate 
accommodation or auxiliary aid to an individual with a disability who 
needs assistance to review the comments or other documents in the 
public rulemaking record for this notice. If you want to schedule an 
appointment for this type of accommodation or auxiliary aid, please 
contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Barry Goldstein, Chief Data Officer, 
FSA, U.S. Department of Education, UCP, Room 64E1, 830 First Street NE, 
Washington, DC 20202-5454. Telephone: (202) 377-4563.
    If you are deaf, hard of hearing, or have a speech disability and 
wish to access telecommunications relay services, please dial 7-1-1.

SUPPLEMENTARY INFORMATION:

Introduction

    The EDMAPS system provides a unified data platform and common data 
environment for FSA to improve the accuracy and consistency of student 
aid life cycle data. As described in greater detail below, the EDMAPS 
system brings together one of FSA's largest data platforms, the 
Enterprise Data Warehouse and Analytics (EDWA), and two newly created 
components, a Data Lake and Person Master Data Management (pMDM), to 
manage and reconcile data.
    Information from the student aid life cycle will be stored in 
EDMAPS to, among other things, support the principle of Master Data 
Management, with the goal of establishing a master copy of key data 
elements after reconciling and resolving interface discrepancies among 
various FSA databases.
    The EDMAPS system provides a more flexible data architecture that 
will allow FSA to, among other things, more efficiently and accurately 
respond to complex data requests and mandated changes in title IV of 
the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1070 et 
seq.), policies and operations. It will also allow FSA to, for 
instance, provide additional insights into title IV, HEA programs, 
improve oversight of FSA vendors, and develop a global view of FSA 
operations.
    In summary, the EDMAPS system consists of the following components:
    (i) Enterprise Data Warehouse and Analytics (EDWA)--a data 
warehouse that ingests enterprise-wide data for the purposes of 
reporting, analytics, and the development of statistical models. FSA 
leverages EDWA in daily operations to help aid applicants and 
recipients achieve better outcomes through outreach to borrowers at 
risk of default and of being defrauded;
    (ii) Person Master Data Management (pMDM)--an EDMAPS system 
component that uses algorithms to identify the most accurate and/or up-
to-date identifying and contact records for an aid applicant, aid 
recipient, and parent or spouse of an aid applicant or recipient, as 
applicable; and
    (iii) Data Lake--a secure environment for receiving large 
quantities of raw data with the capability to curate the data into 
structured databases or the EDWA, archive data for future use, present 
structured and unstructured data to users for reporting and query 
purposes, and manage unstructured data for search or conversion to 
structured data utilizing optical character recognition (OCR) software. 
Unstructured data include pdf files, servicer telephone conversations, 
and free-text fields from feedback/complaint forms.
    EDMAPS differs from other FSA systems that contain similar or the 
same information in that its architecture and purpose primarily focus 
on analytics, reporting, and modeling, with limited focus on production 
including loan discharge (as explained below). FSA's production systems 
interact with key participants in the financial aid process, such as 
postsecondary institutions, and in many cases, can be used to generate 
reports or analysis, but their primary purpose is production and 
operations of the title IV, HEA programs. For instance, in addition to 
receiving replicated data, EDMAPS maintains month-end snapshots of data 
and roll ups of data, which facilitate reporting, analysis, and 
trending not only of recent data but also of historical data.
    EDMAPS also contains built-in statistical tools, such as Python and 
SAS, to facilitate regressions, modeling,

[[Page 56039]]

and big data analysis, all features that do not exist in the other 
systems.

Richard Cordray,
Chief Operating Officer, Federal Student Aid.
    For the reasons discussed in the preamble, the U.S. Department of 
Education publishes a notice of a new system of records to read as 
follows:

SYSTEM NAME AND NUMBER:
    ``Enterprise Data Management and Analytics Platform Services 
(EDMAPS)'' (18-11-22).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Federal Student Aid (FSA), U.S. Department of Education 
(Department), Union Center Plaza (UCP), 830 First Street NE, 
Washington, DC 20202-5454.
    Amazon Web Services (AWS), 1200 12th Avenue, Suite 1200, Seattle, 
WA 98114. (This is the Computer Center for the EDMAPS system's 
application, where all electronic EDMAPS system information is 
processed and stored.)
    Accenture, 22451 Shaw Road, Sterling, VA 20166-4319. (The EDMAPS 
system's Sterling Cloud-based Operations is located here.)
    Accenture DC, 810 First Street NE, Washington, DC 20202-4227. (This 
is the EDMAPS system's Operations Center.)

SYSTEM MANAGER(S):
    System Owner, EDMAPS System, Federal Student Aid (FSA), U.S. 
Department of Education (Department), Union Center Plaza (UCP), Room 
102-E5, 830 First Street NE, Washington, DC 20202.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The EDMAPS system is authorized under title I, Part D, and title IV 
of the Higher Education Act of 1965, as amended (HEA) (20 U.S.C. 1018--
1018b and 20 U.S.C. 1070 et seq.), the Presidential Memorandum 
entitled, ``A Student Aid Bill of Rights to Help Ensure Affordable Loan 
Repayment'' (March 10, 2015), the Higher Education Relief Opportunities 
for Students Act of 2003 (HEROES Act) (20 U.S.C. 1098bb) (including any 
waivers or modifications that the Secretary of Education deems 
necessary to make to any statutory or regulatory provision applicable 
to the student financial assistance programs under title IV of the HEA 
to achieve specific purposes listed in the section in connection with a 
war, other military operation, or a national emergency), and sections 
701(b) and 702(m) of the FAFSA Simplification Act, title VII, Division 
FF of Public Law (Pub. L.) 116-260, Consolidated Appropriations Act, 
2021.
    The EDMAPS system is largely comprised of records that originate 
from, and are also maintained in, other Department systems of records. 
Therefore, the Department is also listing the more specific authorities 
for those systems of records here:
    (1) National Student Loan Data System (NSLDS) (18-11-06). The 
authority under which the NSLDS system of records is maintained 
includes sections 101, 102, 132(i), 485, and 485B of the HEA (20 U.S.C. 
1001, 1002, 1015a(i), 1092, and 1092b), and sections 431(2) and (3) of 
the General Education Provisions Act (20 U.S.C. 1231a(2)-(3)). The 
collection of Social Security numbers (SSNs) of aid applicants and 
recipients who are covered by the NSLDS system is authorized by 31 
U.S.C. 7701 and Executive Order 9397 (November 22, 1943), as amended by 
Executive Order 13478 (November 18, 2008);
    (2) Common Origination and Disbursement (COD) (18-11-02). The COD 
system of records is authorized under title IV of the HEA and the 
HEROES Act (including any waivers or modifications that the Secretary 
of Education deems necessary to make to any statutory or regulatory 
provision applicable to the student financial assistance programs under 
title IV of the HEA to achieve specific purposes listed in the section 
in connection with a war, other military operation, or a national 
emergency);
    (3) Common Services for Borrowers (CSB) (18-11-16). The CSB system 
of records is authorized by titles IV-A, IV-B, IV-D, and IV-E of the 
HEA;
    (4) Health Education Assistance Loan (HEAL) Program (18-11-20). The 
authority for maintenance of the HEAL Program system of records 
includes sections 701 and 702 of the Public Health Service Act, as 
amended (PHS Act) (42 U.S.C. 292 and 292a), which authorize the 
establishment of a Federal program of student loan insurance; section 
715 of the PHS Act (42 U.S.C. 292n), which directs the Secretary of 
Education to require institutions to provide information for each 
student who has a loan; section 709(c) of the PHS Act (42 U.S.C. 
292h(c)), which authorizes disclosure and publication of HEAL 
defaulters; the Debt Collection Improvement Act (31 U.S.C. 3701 and 
3711-3720E); and the Consolidated Appropriations Act, 2014, Division H, 
title V, section 525 of Pub. L. 113-76, which transferred the authority 
to administer the HEAL program from the Secretary of Health and Human 
Services to the Secretary of Education;
    (5) Financial Management System (FMS) (18-11-17). The FMS system of 
records is authorized by title IV of the HEA;
    (6) Postsecondary Education Participants Systems (PEPS) (18-11-09). 
The PEPS system of records is authorized by sections 481, 487, 498 of 
the HEA (20 U.S.C. 1088, 1094, 1099c) and section 31001(i)(1) of the 
Debt Collection Improvement Act of 1996, Pub. L. 104-134 (31 U.S.C. 
7701);
    (7) Person Authentication Service (PAS) (18-11-12). The PAS system 
of records and the collection of personal information for the creation 
and management of an FSA ID (which includes a user ID and a password) 
is authorized programmatically by title IV of the HEA;
    (8) Student Aid Internet Gateway (SAIG), Participation Management 
System (18-11-10). The SAIG, Participation Management System, system of 
records is authorized by title IV of the HEA. The collection of SSNs of 
users of the SAIG, Participation Management System is authorized by 31 
U.S.C. 7701 and Executive Order 9397, as amended by Executive Order 
13478 (November 18, 2008);
    (9) Aid Awareness and Application Processing (18-11-21). The Aid 
Awareness and Application Processing system of records is authorized 
under title IV of the HEA (20 U.S.C. 1070 et seq.) and 20 U.S.C. 
1018(f) and 1087e(h). The collection of SSNs of users of the Federal 
Student Aid Application File system is also authorized by 31 U.S.C. 
7701 and Executive Order 9397, as amended by Executive Order 13478 
(November 18, 2008).

PURPOSE(S) OF THE SYSTEM:
    The information contained in this system of records is maintained 
for the following purposes (Note: Different parts of the HEA use the 
terms ``discharge,'' ``cancellation,'' or ``forgiveness'' to describe 
when a borrower's loan amount is reduced, in whole or in part, by the 
Department. To reduce complexity, this system of records notice uses 
the term ``discharge'' to include all three terms (``discharge,'' 
``cancellation,'' and ``forgiveness''), including, but not limited to, 
discharges of student loans made pursuant to specific benefit programs. 
At times, this system of records notice may refer by name to a specific 
benefit program, such as the ``Public Service Loan Forgiveness'' 
program; such specific references are not intended to exclude any such 
program benefits from more general references to loan discharges):

[[Page 56040]]

    (1) To provide master data management, to serve as a production 
database, and to provide common naming conventions and standards;
    (2) To provide a data warehouse for analytics, reporting, and 
modeling;
    (3) To provide the Data Lake for the storage of large data sets, 
both structured and unstructured. (PDFs and audio files are examples of 
unstructured data);
    (4) To provide analytics and reporting, including querying, 
modeling, forecasting, and visualizing, for the purpose of 
administering the title IV, HEA programs effectively and efficiently;
    (5) To improve transparency by publicly releasing information and 
reports, as required by the Foundations for Evidence-Based Policymaking 
Act of 2018 and title IV of the HEA;
    (6) To support research, analysis, and development, and the 
implementation and evaluation of education policies in relation to 
title IV, HEA programs;
    (7) To support Federal budget analysts in the Department, the 
Office of Management and Budget (OMB), and the Congressional Budget 
Office (CBO) in the development of budget needs and forecasts;
    (8) To help aid applicants and recipients achieve better outcomes 
through outreach to aid applicants and recipients at risk of default 
and of being defrauded;
    (9) To determine aid recipients' eligibility for discharges of 
loans under title IV of the HEA;
    (10) To maintain and process information and documentation, 
including, but not limited to, loan discharge income eligibility 
information, associated consent information for the purposes of 
eligibility determination and verification information obtained from 
applicants, or applicable applicant's parent(s) or spouse, and income 
verification documentation of an aid recipient or applicable aid 
recipient's parent(s) or spouse, pertaining to discharge of eligible 
loans under title IV, HEA and promissory notes and other agreements 
that evidence the existence of a legal obligation to repay funds 
disbursed under title IV, HEA programs;
    (11) To provide a more flexible data architecture that will allow 
FSA to respond more efficiently and accurately to complex data requests 
and changes in title IV, HEA policies and operations;
    (12) To provide additional insights into title IV, HEA programs, 
improve oversight of FSA vendors, and develop a global view of FSA 
operations;
    (13) To facilitate the collection, processing, and transmission of 
information to students, post-secondary and financial institutions, 
lenders, State agencies, and other authorized operational parties;
    (14) To identify, prevent, reduce, and recoup improper payments;
    (15) To communicate with aid applicants and recipients regarding 
including, but not limited to, the Free Application for Federal Student 
Aid (FAFSA[supreg]) processing timelines, debt counseling references, 
and Public Service Loan Forgiveness (PSLF) information;
    (16) To enforce the conditions or terms of a title IV, HEA 
obligation;
    (17) To investigate possible fraud or abuse or verify compliance 
with program regulations or contract requirements;
    (18) To litigate a title IV, HEA obligation, or to prepare for, 
provide support services for, or audit the results of litigation on a 
title IV, HEA obligation;
    (19) To verify the identity of FSA aid recipients for the purpose 
of loan discharge eligibility;
    (20) To assist audit and program review planning and reviews; and
    (21) To conduct testing, analysis, or take other administrative 
actions needed to prepare for or execute programs under title IV of the 
HEA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The EDMAPS system maintains records on the following categories of 
individuals:
    (1) Individual recipients of, and applicants for, aid under one of 
the programs authorized under title IV of the HEA, including, but not 
limited to, the: (a) Direct Loan Program; (b) Federal Family Education 
Loan (FFEL) Program; (c) Federal Insured Student Loan (FISL) Program; 
and (d) Federal Perkins Loan Program including National Defense Student 
Loans, National Direct Student Loans, and Perkins Expanded Lending and 
Income Contingent Loans (Perkins Loans);
    (2) Individuals who serve as endorsers on Direct PLUS loans;
    (3) Recipients of Federal Pell Grants, Academic Competitiveness 
Grants (ACG), National Science and Mathematics Access to Retain Talent 
(SMART) Grants, Teacher Education Assistance for College and Higher 
Education (TEACH) Grants, and Iraq and Afghanistan Service Grants;
    (4) Individuals who owe an overpayment on a Federal Pell Grant, an 
ACG, a National SMART Grant, a Federal Supplemental Educational 
Opportunity Grant (FSEOG), or an Iraq and Afghanistan Service Grant, or 
TEACH or a Federal Perkins Loan;
    (5) Individuals who have applied for borrower defense discharges 
(Note: The system contains case tracking records on these individuals);
    (6) Individuals who received aid under the HEAL Program for 
analysis of their use of the title IV, HEA programs;
    (7) Individuals who are title IV, HEA aid applicants or recipients, 
and parents or spouses of aid applicants or recipients, who submit 
feedback/complaints to the Department regarding title IV, HEA programs, 
contractors, or practices or processes of the Department and those who 
serve as contacts at educational institutions listed on the program 
participation agreement, including, but not limited to, financial aid 
directors and college presidents;
    (8) Individuals who are not aid applicants or recipients under 
title IV, HEA programs, but who have submitted feedback or a complaint 
or whose information has been provided to the Department as part of an 
interagency agreement or memorandum of understanding to allow analysis 
of title IV, HEA programs;
    (9) Aid applicants and recipients under title IV, HEA programs, the 
parents of aid applicants and recipients under title IV, HEA programs, 
and PLUS loan endorsers who apply for an FSA user ID and password; and
    (10) Individuals who are, or once were, the parent(s) of a 
dependent applicant or aid recipient, or the spouse of a married 
applicant or aid recipient, under title IV, HEA programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The EDMAPS system includes, but is not limited to, the following 
categories of records:
    (1) Aid applicant and recipient identifier information, including 
SSN, FSA user ID (FSA ID), name (both current and previous), date of 
birth, physical mailing address, phone number, email address, and 
driver's license information;
    (2) Information on the aid recipient's loan(s) covering the period 
from the origination of the loan through final payment, cancellation, 
consolidation, discharge, or other final disposition, including details 
such as loan amount, disbursements, balances, loan status, repayment 
plan payments and related information, collections, lender and guaranty 
agency claims, deferments, forbearances, refunds, and cancellations, 
master promissory notes, information collected to determine loan 
discharge eligibility along with eligibility and income verification 
consents;
    (3) Aid applicant and recipient demographic information from aid

[[Page 56041]]

applications, such as dependency status, citizenship, veteran status, 
marital status, sex/gender, race/ethnicity, income and asset 
information (including income and asset information on the student's 
parent(s), if a dependent student, and the aid applicant's or 
recipient's spouse, if married), and expected family contribution or 
Student Aid Index;
    (4) Demographic information on the parent(s) of a dependent aid 
applicant and recipient from aid applications, including, but not 
limited to, name (current and previous), date of birth, SSN, FSA ID, 
U.S. passport number, state administered driver's license number, 
marital status, telephone number, email address, highest level of 
schooling completed, and income and asset information;
    (5) Information related to a borrower's application for an income-
driven repayment plan, including information such as current income, 
family size, repayment plan selection, and, if married, information 
about the borrower's spouse;
    (6) Federal Pell Grant, ACG, National SMART Grant, TEACH Grant, and 
Iraq and Afghanistan Service Grant amounts and dates of disbursement;
    (7) Federal Pell Grant, ACG Grant, National SMART Grant, Iraq and 
Afghanistan Service Grant, FSEOG, and Federal Perkins Loan Program 
overpayment amounts;
    (8) Information maintained by a guaranty agency, including, 
demographic, contact, and identifier information, a borrower's FFEL 
loan(s), and the lender(s), holder(s), and servicer(s) of the 
borrower's FFEL loan(s);
    (9) Information concerning the date of any default on loans;
    (10) Information on financial institutions participating in the 
loan participation and sale programs established by the Department 
under the Ensuring Continued Access to Student Loan Act of 2008 
(ECASLA) (Pub. L. 110-227), including the collection of ECASLA loan-
level funding amounts, dates of ECASLA participation for financial 
institutions, dates and amounts of loans sold to the Department under 
ECASLA, and the amount of loans funded by the Department's programs but 
repurchased by the lender;
    (11) Student enrollment information for individuals who have 
received title IV, HEA aid, such as enrollment status, information on 
the student's educational institution, level of study, the 
Classification of Instructional Programs (CIP) code, and published 
length for the program in which the student enrolled for at an 
institution or programs of studies at the post-secondary institution;
    (12) Case records on applications for borrower defense discharge;
    (13) Case records on complaints and feedback regarding title IV, 
HEA programs, Department contractors, and the practices and processes 
of the Department and fraud referrals;
    (14) Records on title IV, HEA aid applicants and recipients under 
title IV, HEA programs, the parents of aid applicants and recipients 
under title IV, HEA programs, and PLUS loan endorsers who apply for an 
FSA user ID and password, including password recovery questions and 
answers;
    (15) Records of borrower contacts (phone calls and letters);
    (16) HEAL Program records, when loaded into the system for analysis 
of HEAL borrowers' use of the title IV, HEA programs;
    (17) Reference data about lenders and guaranty agencies, such as 
parent-subsidiary lender relationships, in addition to aggregated 
financials from lenders and guaranty agencies;
    (18) Centralized identifying and contact information received from 
the FAFSA[supreg], origination and disbursement records, loan 
servicers, and customers (via the studentaid.gov interface), augmented 
by algorithms to identify the most accurate and/or up-to-date 
identifying and contact records;
    (19) Credit check details, decision, adverse reasons/credit bureau 
info and credit appeal information on PLUS loan applicants, recipients 
and endorsers; and
    (20) The system maintains student enrollment information for 
individuals who have received title IV, HEA aid and records on the 
level of study, CIP code, and published length of an educational 
program in which a student receiving title IV, HEA aid; and
    (21) Loan discharge income eligibility information, associated 
discharge eligibility and income verification consent information from 
discharge applicants or applicable applicant's parent(s) or spouse, and 
income verification documentation of an aid recipient or applicable aid 
recipient's parent(s) or spouse, pertaining to discharge of eligible 
loans under title IV, HEA programs.

RECORD SOURCE CATEGORIES
    Information for this system is obtained from other Department 
systems, such as Federal Loan Servicers' IT systems (covered by the 
system of records titled ``Common Services for Borrowers (CSB)'' (18-
11-16)); the Debt Management and Collection System (DMCS) (covered by 
the system of records titled ``Common Services for Borrowers (CSB)'' 
(18-11-16)); COD (covered by the system of records titled ``Common 
Origination and Disbursement (COD) System'' (18-11-02)); and the 
Financial Management System (FMS) (covered by the system of records 
titled ``Financial Management System (FMS)'' (18-11-17).)
    In addition, the EDMAPS system currently receives Federal Loan 
Servicer, DMCS, guaranty agency, and certain postsecondary education 
institution information on Perkins Loans via the SAIG, Participant 
Management System (covered by the system of records titled ``Student 
Aid internet Gateway (SAIG), Participation Management System'' (18-11-
10)).
    Further, the EDMAPS system currently receives data originating from 
PEPS (covered by the system of records titled ``Postsecondary Education 
Participants System'' (18-11-09)) and the Central Processing System 
(CPS) (covered by the system of records titled ``Federal Student Aid 
Application File'' (18-11-01)) via COD.
    The EDMAPS system also receives enrollment records, including 
program-level enrollment records, from NSLDS (covered by the system of 
records titled ``National Student Loan Data System (NSLDS)'' (18-11-
06)) or any successor system.
    The EDMAPS system receives origination and disbursement records on 
Federal Pell Grants, ACGs, National SMART Grants, TEACH Grants, Iraq 
and Afghanistan Service Grants, and Direct Loans; master promissory 
note records; records of PLUS loan credit checks and credit appeals; 
annual aggregated Federal Campus-Based Program (FWS, FSEOG, and Perkins 
Loan) records from post-secondary institutions; consolidation loan 
application records; repayment plan application records; and financial 
literacy (entrance and exit) counseling records from COD (covered by 
the systems of records titled ``Common Origination and Disbursement 
(COD) System'' (18-11-02)) or any successor system.
    In addition, the EDMAPS system receives aggregated guaranty agency 
and lender financials, as well as lender, guaranty agency, and parent-
subsidiary organization lender reference data from FMS (covered by the 
system of records titled ``Financial Management System (FMS)'' (18-11-
17)) or any successor system.
    Further, the EDMAPS system receives records from PAS (covered by 
the system of records titled ``Person Authentication Service (PAS)'' 
(18-11-12)) or any successor system, which covers aid applicants and 
recipients

[[Page 56042]]

under title IV, HEA programs, the parents of aid applicants and 
recipients under title IV, HEA programs, and PLUS loan endorsers who 
apply for an FSA user ID and password
    Upon request, approved EDMAPS users also receive reports from HEAL 
(covered by the system of records titled ``Health Education Assistance 
Loan (HEAL) Program'' (18-11-20)), which they upload into EDMAPS for 
analytical and reporting purposes.
    Moreover, the EDMAPS system receives borrower defense case records 
and complaint, feedback, and fraud referral case records from CEMS 
(covered by the system of records entitled ``Customer Engagement 
Management System (CEMS)'' (18-11-11)) or its successor system.
    Finally, the EDMAPS system may also obtain information from other 
persons or entities from whom or from which information is obtained 
following a disclosure under the routine uses set forth below.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The Department may disclose information contained in a record in 
this system of records under the routine uses listed in this system of 
records without the consent of the individual if the disclosure is 
compatible with the purposes for which the record was collected. The 
Department may make these disclosures on a case-by-case basis or, if 
the Department has complied with the computer matching requirements of 
the Privacy Act of 1974, as amended (Privacy Act), under a computer 
matching agreement.
    (1) Program Disclosures. The Department may disclose records from 
this system of records for the following program purposes:
    (a) To promote transparency, and the effective and efficient 
administration, of title IV, HEA programs, the Department may disclose 
records to guaranty agencies, educational institutions, financial 
institutions, and Federal, State, Tribal, and local government 
agencies;
    (b) To detect, prevent, mitigate, and recoup improper payments in 
title IV, HEA programs, the Department may disclose records to guaranty 
agencies, educational institutions, financial institutions, and 
Federal, State, Tribal, and local government agencies; and
    (c) To support auditors and program reviewers in planning and 
carrying out their assessments of title IV, HEA program compliance, the 
Department may disclose records to guaranty agencies, educational 
institutions, financial institutions and servicers, and Federal, State, 
Tribal, and local government agencies; and
    (d) To assist with the determination of eligibility for loan 
discharges, the Department may disclose records to holders of loans 
made under title IV of the HEA;.
    (2) Congressional Member Disclosure. The Department may disclose 
the records of an individual to a member of Congress or the member's 
staff when necessary to respond to an inquiry from the member made at 
the written request of that individual and on behalf of that 
individual. The member's right to the information is no greater than 
the right of the individual who requested it.
    (3) Enforcement Disclosure. In the event that information in this 
system of records indicates, either on its face or in connection with 
other information, a violation or potential violation of any applicable 
statute, regulation, or order of a competent authority, the Department 
may disclose the relevant records to the appropriate government agency, 
whether Federal, State, Tribal, or local, charged with investigating or 
prosecuting that violation or charged with enforcing or implementing 
the statute, regulation, or order issued pursuant thereto.
    (4) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
    (a) Introduction. In the event that one of the following parties 
listed in subparagraphs (i) through (v) is involved in judicial or 
administrative litigation or ADR, or has an interest in judicial or 
administrative litigation or ADR, the Department may disclose certain 
records from this system of records to the parties described in 
paragraphs (b), (c), and (d) of this routine use under the conditions 
specified in those paragraphs:
    (i) The Department or any of its components;
    (ii) Any Department employee in their official capacity;
    (iii) Any Department employee in their individual capacity if the 
U.S. Department of Justice (DOJ) has been requested to or has agreed to 
provide or arrange for representation of the employee;
    (iv) Any Department employee in their individual capacity when the 
Department has agreed to represent the employee;
    (v) The United States when the Department determines that the 
litigation is likely to affect the Department or any of its components.
    (b) Disclosure to DOJ. If the Department determines that disclosure 
of certain records to DOJ is relevant and necessary to judicial or 
administrative litigation or ADR, the Department may disclose those 
records as a routine use to DOJ.
    (c) Adjudicative Disclosure. If the Department determines that it 
is relevant and necessary to judicial or administrative litigation or 
ADR to disclose certain records from this system of records to an 
adjudicative body before which the Department is authorized to appear 
or to a person or an entity designated by the Department or otherwise 
empowered to resolve or mediate disputes, the Department may disclose 
those records as a routine use to the adjudicative body, person, or 
entity.
    (d) Disclosure to Parties, Counsel, Representatives, and Witnesses. 
If the Department determines that disclosure of certain records to a 
party, counsel, representative, or witness is relevant and necessary to 
the judicial or administrative litigation or ADR, the Department may 
disclose those records as a routine use to the party, counsel, 
representative, or witness.
    (5) Employment, Benefit, and Contracting Disclosure.
    (a) For Decisions by the Department. The Department may disclose a 
record from this system of records to a Federal, State, Tribal, or 
local government agency maintaining civil, criminal, or other relevant 
enforcement or other pertinent records, or to another public agency or 
professional organization, if necessary to obtain information relevant 
to a Department decision concerning the hiring or retention of an 
employee or other personnel action; the issuance of a security 
clearance; the letting of a contract; or the issuance of a license, 
grant, or other benefit.
    (b) For Decisions by Other Public Agencies and Professional 
Organizations. The Department may disclose a record to a Federal, 
State, Tribal, local, or other government or public agency or 
professional organization, in connection with the hiring or retention 
of an employee or other personnel action, the issuance of a security 
clearance, the reporting of an investigation of an employee, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit, to the extent that the record is relevant and necessary to the 
receiving entity's decision on the matter.
    (6) Employee Grievance, Complaint, or Conduct Disclosure. If a 
record is relevant and necessary to a grievance, complaint, or 
disciplinary action involving a present or former employee of the 
Department, the Department may disclose the record during 
investigation, fact-finding, or adjudication to any party to the 
grievance, complaint, or action; to

[[Page 56043]]

the party's counsel or representative; to a witness; or to a designated 
fact finder, mediator, or other person designated to resolve issues or 
decide the matter.
    (7) Labor Organization Disclosure. The Department may disclose a 
record to an arbitrator to resolve disputes under a negotiated 
grievance procedure or to officials of a labor organization recognized 
under 5 U.S.C. chapter 71 when relevant and necessary to their duties 
of exclusive representation.
    (8) Freedom of Information Act (FOIA) and Privacy Act Advice 
Disclosure. The Department may disclose records to DOJ or the OMB if 
the Department concludes that disclosure is desirable or necessary in 
determining whether particular records are required to be disclosed 
under the FOIA or the Privacy Act.
    (9) Disclosure to DOJ. The Department may disclose records to DOJ 
to the extent necessary for obtaining DOJ advice on any matter relevant 
to an audit, inspection, or other inquiry related to the programs 
covered by this system.
    (10) Contract Disclosure. If the Department contracts with an 
entity to perform any function that requires disclosure of records in 
this system to employees of the contractor, the Department may disclose 
the records to those employees. As part of such a contract, the 
Department shall require the contractor to agree to establish and 
maintain safeguards to protect the security and confidentiality of the 
disclosed records.
    (11) Research Disclosure. The Department may disclose records to a 
federal researcher if the Department determines that the individual or 
organization to which the disclosure would be made is qualified to 
carry out specific research related to the functions or purposes of 
this system of records. The Department may disclose records from this 
system of records to that federal researcher solely for the purpose of 
carrying out that research related to the functions or purposes of this 
system of records. The federal researcher shall be required to agree to 
establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records.
    (12) Disclosure in the Course of Responding to a Breach of Data. 
The Department may disclose records from this system of records to 
appropriate agencies, entities, and persons when (a) the Department 
suspects or has confirmed that there has been a breach of the system of 
records; (b) the Department has determined that, as a result of the 
suspected or confirmed breach, there is a risk of harm to individuals, 
the Department (including its information systems, programs, and 
operations), the Federal government, or national security; and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    (13) Disclosure in Assisting Another Agency in Responding to a 
Breach of Data. The Department may disclose records from this system to 
another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach, or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (14) Disclosure to the OMB and CBO for Federal Credit Reform Act 
(FCRA) Support. The Department may disclose records to OMB and CBO as 
necessary to fulfill FCRA requirements in accordance with 2 U.S.C. 
661b, except for federal tax information, per 26 U.S.C. 6103.
    (15) Disclosure to National Archives and Records Administration 
(NARA). The Department may disclose records from this system of records 
to NARA for the purpose of records management inspections conducted 
under authority of 44 U.S.C. 2904 and 2906.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The Department electronically stores information at the AWS site 
referenced in the foregoing section titled ``SYSTEM LOCATION.'' For 
example, the Department electronically stores, for the entire Federal 
Student Aid life cycle from application through loan payoff, student 
and aid applicant demographic and title IV, HEA aid information such 
as, but not limited to, FFEL program, FISL program, and Perkins loan 
records on AWS site. The Department also stores electronic master 
promissory notes, electronic Special Direct Consolidation Loan 
opportunity applications and promissory notes, electronic requests to 
repay a Direct Loan under an income-driven repayment plan, and Federal 
Direct Consolidation Loan applications and promissory notes on AWS 
site. Finally, data obtained from the paper promissory notes or the 
paper loan discharge eligibility form are stored on hard disks at the 
AWS site. (These are referred to as metadata and are used by the system 
to link promissory notes or loan discharge eligibility form to aid 
recipient.)

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    With some exceptions, the Department does not generally use the 
EDMAPS system for the retrieval of individual records. However, system 
administrators and a handful of privileged users are able to retrieve 
records from the EDMAPS system by award ID, customer ID, borrower ID, 
an individual's SSN, last name, first name, and date of birth. Further, 
the Department uses the EDMAPS system to retrieve individual records to 
process income eligibility information and other information about 
income of aid recipients and to send it to Federal Loan Servicers for 
the discharge of eligible student loans under the title IV, HEA 
programs. Internal reports also provide a secure vehicle for approved 
Department employees and Department contractor staff to access samples 
of individual records, for example as part of performing program 
reviews.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The Department has submitted a retention and disposition schedule 
that covers the primary records contained in this system to NARA for 
review. The Department will treat these records as ``permanent 
records,'' as defined in 36 CFR 1220.18, until such time as a final 
disposition is approved.
    The EDMAPS system may also contain certain records that the 
Department considers, on a case-by-case basis and with the approval of 
the Agency Records Officer, to be covered by General Records Schedule 
5.2, ``Transitory and Intermediary Records.''

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All users of the system will have a unique user ID with password. 
In addition to the user ID and password, users must authenticate their 
Personal Identity Verification (PIV) card to access the system, from 
within either the Department's Network, the Department's Global Protect 
Virtual Private Network (VPN), or the Department's vendor's AnyConnect 
Cisco VPN. Users are required to change their password at least every 
60 days in accordance with the Department's information technology 
standards. All physical access to the information housed in the EDMAPS 
system locations is controlled and monitored by

[[Page 56044]]

security personnel who check each individual entering the building for 
their employee or visitor badge.
    The computer system employed by the Department offers a high degree 
of resistance to tampering and circumvention with firewalls, 
encryption, and password protection. This security system limits data 
access to Department and Department contractor staff on a ``need-to-
know'' basis and controls individual users' ability to access and alter 
records within the system. All interactions by users of the system are 
recorded. Users of the EDMAPS system do not see personally identifiable 
information (PII), even when looking at individual records. EDMAPS 
tokenizes PII, meaning that PII are swapped out for non-sensitive 
random values. This does not prevent users of EDMAPS from joining 
tables containing the same PII data element, because tokenization 
ensures that the same non-sensitive value is swapped out in every table 
that has that particular data element, for example SSN or date of 
birth.
    In accordance with the Federal Information Security Management Act 
of 2002 (FISMA), as amended by the Federal Information Security 
Modernization Act of 2014, every Department system must receive a 
signed Authorization to Operate (ATO) from a designated Department 
official. The ATO process includes a rigorous assessment of security 
and privacy controls, a plan of actions and milestones to remediate any 
identified deficiencies, and a continuous monitoring program.
    FISMA controls implemented are comprised of a combination of 
management, operational, and technical controls, and include the 
following control families: access control, awareness and training, 
audit and accountability, security assessment and authorization, 
configuration management, contingency planning, identification and 
authentication, incident response, maintenance, media protection, 
physical and environmental protection, planning, personnel security, 
privacy, risk assessment, system and services acquisition, system and 
communications protection, system and information integrity, and 
program management.

RECORD ACCESS PROCEDURES:
    If you wish to gain access to a record regarding you in this system 
of records, contact the system manager at the address listed above. You 
must provide the system manager with the necessary particulars such as 
your full, legal name, date of birth, address, and any other 
identifying information requested by the Department while processing 
the request in order to distinguish between individuals with the same 
name. Requesters must also reasonably specify the record contents 
sought. Your request must meet the requirements of the regulations at 
34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:
    If you wish to contest the content of your personal record within 
the system of records, contact the system manager at the address listed 
above and provide your full, legal name, date of birth, and SSN. 
Identify the specific items to be changed and provide a written 
justification for the change. Requests to amend a record must meet the 
requirements in 34 CFR 5b.7.

NOTIFICATION PROCEDURES:
    If you wish to determine whether a record exists regarding you in 
the system of records, contact the system manager at the address listed 
above. You must provide necessary particulars such as your full, legal 
name, date of birth, address, and any other identifying information 
requested by the Department while processing the request to distinguish 
between individuals with the same name. Requests must meet the 
requirements in 34 CFR 5b.5, including proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2022-19886 Filed 9-12-22; 8:45 am]
BILLING CODE 4000-01-P