AGENCY:

Federal Student Aid, Department of Education.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended (Privacy Act), the U.S. Department of Education (Department) modifies the system of records entitled “Student Aid internet Gateway (SAIG), Participation Management System” (18-11-10).

The SAIG, Participation Management System, is a system of records containing contact information that individuals affiliated with an authorized entity provide to create an account to request electronic access to the Department's Federal Student Aid (FSA) systems or to the system of the Department of Homeland Security (DHS) for purposes of administering or assisting in administering programs authorized under title IV of the Higher Education Act of 1965, as amended (HEA).

DATES:

Submit your comments on this modified system of records notice on or before April 2, 2018.

This modified system of records will become applicable upon publication in the Federal Register on March 1, 2018. Modified routine use disclosures numbered (1), (4), (6), (10), and (12) and new routine use disclosure numbered (13) listed under “ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES” will become applicable on April 2, 2018, unless the modified system of records notice needs to be changed as a result of public comment. The Department will publish any significant changes resulting from public comment.

ADDRESSES:

Submit your comments through the Federal eRulemaking Portal or via postal mail, commercial delivery, or hand delivery. We will not accept comments submitted by fax or by email or those submitted after the comment period. To ensure that we do not receive duplicate copies, please submit your comments only once. In addition, please include the Docket ID at the top of your comments.

• Federal eRulemaking Portal: Go to www.regulations.gov to submit your comments electronically. Information on using Regulations.gov, including instructions for accessing agency documents, submitting comments, and viewing the docket, is available on the site under the “help” tab.
• Postal Mail, Commercial Delivery, or Hand Delivery: If you mail or deliver your comments about this modified system of records, address them to: Director, Systems Integration Division, Systems Operations and Aid Delivery Management Services, Federal Student Aid, U.S. Department of Education, 830 First Street NE, Room 41F1, Union Center Plaza, Washington, DC 20202-5144.

Privacy Note: The Department's policy is to make all comments received from members of the public available for public viewing in their entirety on the Federal eRulemaking Portal at www.regulations.gov. Therefore, commenters should be careful to include in their comments only information that they wish to make publicly available.

Assistance to Individuals with Disabilities in Reviewing the Rulemaking Record: On request, we will provide an appropriate accommodation or auxiliary aid to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT:

Director, Systems Integration Division, Systems Operations and Aid Delivery Management Services, Federal Student Aid, U.S. Department of Education, 830 First Street NE, Room 41F1, Union Center Plaza, Washington, DC 20202-5144. Telephone: (202) 377-3547.

If you use a telecommunications device for the deaf (TDD) or text telephone (TTY), you may call the Start Printed Page 8856Federal Relay Service, toll free, at 1-800-877-8339.

SUPPLEMENTARY INFORMATION:

Introduction

The Department is updating the section of the notice entitled “SYSTEM LOCATION” by adding an alternate location, and replacing the locations no longer utilized. The Department is changing the section of the notice entitled “SYSTEM MANAGER” to reflect the current organization of Business Operations in the Federal Student Aid office. The Department is modifying the section of the notice entitled “PURPOSE(S) OF THE SYSTEM” to remove the references about authenticating users to the Debt Management and Collections System (DMCS) and Title IV Additional Servicers (TIVAS). These systems do not require authorization through the SAIG, Participation Management System. However, the Department is adding that the SAIG, Participation Management System, will be used to provide users with access to the Enterprise Complaint System (ECS) and the system of the DHS that also administers or assists in administering programs authorized under title IV of the HEA. In this section and throughout the notice, the Department is removing all references regarding “authenticating” users and replacing it with the term “authorizing.” This is a more accurate representation of the Department's practices in the SAIG, Participation Management System.

The Department is modifying the section of the notice entitled “CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM” to replace as covered individuals those who are eligible to participate in the Department's programs with those who are authorized to access the Department's Federal Student Aid systems and the DHS system for the purposes of administering or assisting in administering programs authorized under title IV of the HEA. This modification is a clarification to the public and does not change the scope of the system. The Department is also modifying this section to update the entities whose employees may be authorized to access the SAIG, Participation Management System, such as by deleting the reference to authorized employees or representatives of State scholarship programs and inserting in its place, research and scholarship organizations. The Department is also clarifying in this section that the authorized employees or representatives of lenders and guaranty agencies covered by the system are limited to lenders and guaranty agencies participating in the Federal Family Education Loan Program (FFELP).

The Department is updating the section of the notice entitled “CATEGORIES OF RECORDS IN THE SYSTEM” to specify that records are those of authorized individuals with access to not just the Department's student financial aid systems but also the DHS system that administer or assist in administering programs authorized under title IV of the HEA.

The Department is modifying the section of the notice entitled “RECORD SOURCE CATEGORIES” to update authorized entities as follows: Postsecondary educational institutions, institutional third-party servicers, FFELP lenders, FFELP guaranty agencies, Federal loan servicers, DHS, State grant agencies, research and scholarship organizations, and from other individuals or entities from which data is obtained under the routine uses set forth below.

The Department is updating routine use (1) entitled “Program Disclosures” to remove the listed Department systems DMCS and TIVAS, which were previously listed in paragraphs (f) and (g), and to add, in paragraph (f), ECS as a Department system to which authorized users will have access. The Department is adding to this routine use in paragraph (h) that authorized users also will have access to the DHS system that administers or assists in the administration of programs authorized under title IV of the HEA. These modifications to routine use (1) will permit the Department to share authorized users' information with DHS to allow these authorized users access to systems belonging to the Department's Federal Student Aid office and DHS for the purposes of administering or assisting in administering programs authorized under title IV of the HEA. The Department will only disclose these records to DHS after the Department has approved in writing a request from DHS to access these records.

The Department is modifying routine use (4) entitled “Contract Disclosure” and routine use (6) entitled “Research Disclosure” to remove language that respectively referenced safeguard requirements under subsection (m) of the Privacy Act and Privacy Act safeguards. The Department revised the language in routine use (4) to permit the Department to disclose records from this system of records to employees of Departmental contractors, whether or not they are covered by subsection (m) of the Privacy Act, so long as they are performing a Departmental function that requires disclosing records to them and they agree to safeguards that will protect the security and confidentiality of the records in the system. The Department also revised the language in routine uses (4) and (6) because the prior language referring to required safeguards under the Privacy Act and Privacy Act safeguards was unclear about what safeguards were required and therefore to clarify that contractors and researchers to whom disclosures are made under these routine uses will be required to agree to safeguards to protect the security and confidentiality of the records in the system.

The Department is modifying routine use (10) entitled “Employee Grievance, Complaint, or Conduct Disclosure” to clarify and promote the standardization of the language used in this routine use with that used in the Department's other systems of records notices.

Pursuant to the requirements in Office of Management and Budget (OMB) M-17-12, the Department is modifying routine use (12) entitled “Disclosure in the Course of Responding to a Breach of Data.”

The Department is also adding routine use (13) entitled “Disclosure in Assisting another Agency in Responding to a Breach of Data” in order to comply with the requirements in OMB M-17-12. The Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

The Department is updating the sections of the notice entitled “POLICIES AND PRACTICES FOR STORAGE OF RECORDS” and “ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS” to reflect the current location of the records at General Dynamics One Source (GDOS). The Department is also updating the section entitled “POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS” to reflect the updated General Records Schedule, issued by the National Archives and Records Administration, which governs the retention and disposition of the records. Finally, the Department is modifying the sections entitled “RECORD ACCESS PROCEDURES” and “NOTIFICATION Start Printed Page 8857PROCEDURES” to specify the necessary particulars that an individual must provide when making a request for access to or notification of a record.

Accessible Format: Individuals with disabilities can obtain this document in an accessible format (e.g., braille, large print, audiotape, or compact disc) on request to the person listed under FOR FURTHER INFORMATION CONTACT.

Electronic Access to This Document: The official version of this document is the document published in the Federal Register. Free internet access to the official edition of the Federal Register and the CFR is available via the Federal Digital System at: www.gpo.gov/​fdsys. At this site you can view this document, as well as all other documents of the Department published in the Federal Register, in text or Portable Document Format (PDF). To use PDF you must have Adobe Acrobat Reader, which is available free at the site.

You may also access documents of the Department published in the Federal Register by using the article search feature at: www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department.

For the reasons discussed in the preamble, the Acting Chief Operating Officer, Federal Student Aid of the U.S. Department of Education (Department) publishes a notice of a modified system of records to read as follows:

SYSTEM NAME AND NUMBER

Student Aid internet Gateway (SAIG), Participation Management System (18-11-10).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

General Dynamics One Source (GDOS), LLC 2450 Oakdale Boulevard, Coralville, IA 52241-9728. (This facility is the location of Technical Support and also stores hard copy records for the first 12 months after they are received by the Department.

SAIG/Participation Management System Technical Support 3833 Greenway Drive, Lawrence, KS 66046. (This is another location of the Technical Support).

Dell Perot Systems, 2300 West Plano Parkway, Plano, TX 75075-8247. (This is the computer center for SAIG, Participation Management System Application Virtual Data Center (VDC).)

Iron Mountain Headquarters, 1000 Campus Dr., Collegeville, PA 19426. (This facility stores hard copy records after 12 months from when they are received by the Department, and prior to the Department transferring them to National Archives and Records Administration (NARA)—operated Federal Records Centers.)

SYSTEM MANAGER(S):

Director, Systems Integration Division, Systems Operations and Aid Delivery Management Services, Business Operations, Federal Student Aid, U.S. Department of Education, 830 First Street NE, Union Center Plaza, Washington, DC 20202-5454.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title IV of the Higher Education Act of 1965, as amended (HEA), 20 U.S.C. 1070 et seq. The collection of Social Security numbers of users of this system is authorized by 31 U.S.C. 7701 and Executive Order 9397, as amended by Executive Order 13478 (November 18, 2008).

PURPOSE(S) OF THE SYSTEM:

The information in this system is maintained for the purposes of: (1) Processing stored data from the SAIG, Participation Management System Enrollment Forms (web and paper versions); (2) maintaining the SAIG, Participation Management System Enrollment website (titled https://FSAWebEnroll.ed.gov); (3) managing the assignment of individual electronic SAIG, Participation Management System mailbox numbers, known as “TG numbers”; and (4) authorizing users of the Department's Federal Student Aid systems, including Central Processing System (CPS), electronic Campus Based (eCB) System, National Student Loan Data System (NSLDS), Common Origination and Disbursement (COD) System, Financial Management System (FMS), Enterprise Complaint System (ECS), and Access and Identity Management System (AIMS), and the system of the Department of Homeland Security(DHS), for the purposes of administering or assisting in administering programs authorized under title IV of the HEA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains records on those individuals who are authorized to access the Department's Federal Student Aid systems and the DHS system for purposes of administering or assisting in administering programs authorized under title IV of the HEA. Those individuals include authorized employees or representatives of authorized entities as follows: Postsecondary educational institutions, institutional third-party servicers, lenders participating in the Federal Family Education Loan Program (FFELP), FFELP guaranty agencies, Federal loan servicers, State grant agencies, and research and scholarship organizations.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system maintains identifying information that authorized individuals affiliated with an authorized entity provide to create an account to request electronic access to the Department's Federal Student Aid systems or access to the DHS system for the purposes of administering or assisting in administering programs authorized under title IV of the HEA. This information includes the individual's name, address, and other identifying information (e.g., mother's maiden name, Social Security number (SSN), and date of birth).

RECORD SOURCE CATEGORIES:

Information in this system is obtained from the authorized employees or representatives of authorized entities as follows: Postsecondary educational institutions, institutional third-party servicers, FFELP lenders, FFELP guaranty agencies, Federal loan servicers, DHS, State grant agencies, research and scholarship organizations, and from other individuals or entities from which data is obtained under routine uses set forth below.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The Department may disclose information contained in a record in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected. These disclosures may be made on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act), under a computer matching agreement.

(1) Program Disclosures. The Department may disclose records maintained in the SAIG, Participation Management System, to DHS for the purpose of allowing authorized users who are eligible to participate in the electronic exchange of data with the Department to transmit files to and from the following databases and access the Department's websites online for the purposes of administering or assisting in Start Printed Page 8858administering programs authorized under title IV of the HEA:

(a) COD System;

(b) CPS;

(c) eCB System;

(d) NSLDS;

(e) FMS;

(f) ECS;

(g) AIMS; and,

(h) the DHS system.

The Department will only disclose records from this system to DHS for purposes of administering or assisting in administering programs authorized under title IV of the HEA and only after the Department has approved in writing a request from DHS to access these records.

(2) Freedom of Information Act (FOIA) or Privacy Act Advice Disclosure. The Department may disclose records to the Department of Justice (DOJ) or the Office of Management and Budget (OMB) if the Department seeks advice regarding whether records maintained in this system of records are required to be disclosed under the FOIA or the Privacy Act.

(3) Disclosure to the DOJ. The Department may disclose records to the DOJ to the extent necessary for obtaining DOJ advice on any matter relevant to an audit, inspection, or other inquiry related to the programs covered by this system.

(4) Contract Disclosure. If the Department contracts with an entity to perform any function that requires disclosing records to the contractor's employees, the Department may disclose the records to those employees. As part of such a contract, the Department shall require the contractor to agree to establish and maintain safeguards to protect the security and confidentiality of the records in the system.

(5) Litigation and Alternative Dispute Resolution (ADR) Disclosures.

(a) Introduction. In the event that one of the following parties is involved in judicial or administrative litigation or ADR, or has an interest in judicial or administrative litigation or ADR, the Department may disclose certain records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs:

(i) The Department, or any of its components;

(ii) Any Department employee in his or her official capacity;

(iii) Any Department employee in his or her individual capacity where the DOJ agrees to or has been requested to provide or arrange for representation of the employee;

(iv) Any Department employee in his or her individual capacity where the Department has agreed to represent the employee;

(v) The United States where the Department determines that the litigation is likely to affect the Department or any of its components.

(b) Disclosure to DOJ. If the Department determines that disclosure of certain records to the DOJ is relevant and necessary to judicial or administrative litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to the DOJ.

(c) Adjudicative Disclosures. If the Department determines that disclosure of certain records to an adjudicative body before which the Department is authorized to appear or to a person or entity designated by the Department or otherwise empowered to resolve or mediate disputes, is relevant and necessary to the judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the adjudicative body, person, or entity.

(d) Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records to a party, counsel, representative, or witness is relevant and necessary to the judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the party, counsel, representative, or witness.

(6) Research Disclosure. The Department may disclose records to a researcher if the official serving or acting as the Chief Operating Officer of Federal Student Aid determines that the individual or organization to which the disclosure would be made is qualified to carry out specific research related to functions or purposes of this system of records. The official may disclose records from this system of records to that researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The researcher shall be required to agree to maintain safeguards to protect the security and confidentiality of the disclosed records.

(7) Congressional Member Disclosure. The Department may disclose records to a Member of Congress in response to an inquiry from the Member made at the written request of the individual whose records are being disclosed. The Member's right to the information is no greater than the right of the individual who requested it.

(8) Enforcement Disclosure. In the event that information in this system of records indicates, either on its face or in connection with other information, a violation or potential violation of any applicable statute, regulation, or order of a competent authority, the Department may disclose the relevant records to the appropriate agency, whether foreign, Federal, State, Tribal or local, charged with the responsibility of investigating or prosecuting that violation or charged with enforcing or implementing the statute, Executive Order, rule, regulation, or order issued pursuant thereto.

(9) Employment, Benefit, and Contracting Disclosure.

(a) For Decisions by the Department. The Department may disclose a record to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement or other pertinent records, or to another public authority or professional organization, if necessary to obtain information relevant to a Department decision concerning the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

(b) For Decisions by Other Public Agencies and Professional Organizations. The Department may disclose a record to a Federal, State, local, or foreign agency or other public authority or professional organization, in connection with the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit, to the extent that the record is relevant and necessary to the receiving entity's decision on the matter.

(10) Employee Grievance, Complaint, or Conduct Disclosure. If a record is relevant and necessary to an employee grievance, complaint, or disciplinary action involving a present or former employee of the Department, the Department may disclose a record from this system of records in the course of investigation, fact-finding, mediation, or adjudication, to any party to the grievance, complaint, or action; to the party's counsel or representative; to a witness; or to a designated fact-finder, mediator, or other person designated to resolve issues or decide the matter.

(11) Labor Organization Disclosure. The Department may disclose records from this system of records to an arbitrator to resolve disputes under a negotiated grievance process or to officials of a labor organization recognized under 5 U.S.C. chapter 71 Start Printed Page 8859when relevant and necessary to their duties of exclusive representation.

(12) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system to appropriate agencies, entities, and persons when (a) the Department suspects or has confirmed that there has been a breach of the system of records; (b) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department (including its information systems, programs, and operation), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(13) Disclosure in Assisting another Agency in Responding to a Breach of Data. The Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained in both electronic and hard copy form. Records maintained in electronic form, including hard copy records loaded into an imaging system accessible through internal systems only, are stored in IBM Content Manager. For the first 12 months after receiving a hard copy record, the record is stored in a locked file cabinet at the GDOS storage facility in Coralville, Iowa. After the initial 12-month period, the hard copy record is stored at the Iron Mountain storage facility. After three years from the termination or closure of an enrollment account of a user of the SAIG, Participation Management System, all records (electronic and hard copy) are transferred to NARA-operated Federal Records Centers for further storage in accordance with the applicable retention and disposition schedule.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

All users of the SAIG, Participation Management System, have a unique user identification (ID) with a password. Records are retrieved by the names of the individual user and/or their unique system User ID.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

These records are covered by General Records Schedule 3.2: Information Systems Security Records, Item 031 (DAA-GRS-2013-0006-0004). Records are destroyed six years after the user account is terminated or the password is altered.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

All users of the SAIG, Participation Management System, will have a unique user ID with a password. All physical access to the data housed at the GDOS location and within the VDC, and the locations of Department contractors where this system of records is maintained, is controlled and monitored by security personnel who check each individual entering the building for his or her employee or visitor badge. The computer system employed by the Department offers a high degree of resistance to tampering and circumvention with firewalls, encryption, and password protection. This security system limits data access to Department and contract staff on a “need-to-know” basis, and controls individual users' ability to access and alter records within the system. All interactions by users of the SAIG, Participation Management System, are recorded.

RECORD ACCESS PROCEDURES:

If you wish to gain access to a record in this system, you must contact the system manager at the address listed above. You must provide necessary particulars such as your name, user ID, date of birth, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of the Department's Privacy Act regulations at 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:

If you wish to contest or change the content of a record about you in the system of records, you must contact the system manager with the information described in the record access procedures. Requests to amend a record must meet the requirements of the Department's Privacy Act regulations at 34 CFR 5b.7.

NOTIFICATION PROCEDURES:

If you wish to determine whether a record exists about you in the system of records, you must contact the system manager at the address listed above. You must provide necessary particulars such as your name, user ID, date of birth, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of the regulations in 34 CFR 5b.5, including proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

The system of records was published in the Federal Register on December 27, 1999 (64 FR 72384, 72397) and entitled “Title IV Wide Area Network” (Title IV WAN). This system of records was altered and published in the Federal Register on January 28, 2005 (70 FR 4112), changing the title to “Student Aid internet Gateway (SAIG), Participation Management System.” The system of records notice for the SAIG, Participation Management System, was most recently altered in the Federal Register on April 19, 2010 (75 FR 20346).