
	
		II
		110th CONGRESS
		1st Session
		S. 1401
		IN THE SENATE OF THE UNITED
		  STATES
		
			May 15, 2007
			Mr. Enzi (for himself,
			 Mr. Alexander, Mr. Allard, Mr.
			 Burr, Mr. Isakson,
			 Mr. Roberts, and
			 Ms. Murkowski) introduced the following
			 bill; which was read twice and referred to the
			 Committee on Health, Education, Labor,
			 and Pensions
		
		A BILL
		To improve the National Student Loan Data
		  System.
	
	
		1.Short titleThis Act may be cited as the
			 Student Financial Aid Data Privacy
			 Protection Act.
		2.National Student Loan Data
			 SystemSection 485B of the
			 Higher Education Act of 1965 (20 U.S.C. 1092b) is amended—
			(1)by redesignating subsections (d) through
			 (g) as subsections (e) through (h), respectively;
			(2)by inserting after subsection (c) the
			 following:
				
					(d)Principles for administering the data
				systemIn managing the
				National Student Loan Data System, the Secretary shall take actions necessary
				to maintain confidence in the data system, including, at a minimum—
						(1)ensuring that the primary purpose of access
				to the data system by guaranty agencies, eligible lenders, and eligible
				institutions of higher education is for legitimate program operations, such as
				the need to verify the eligibility of a student, potential student, or parent
				for loans under part B, D, or E;
						(2)prohibiting nongovernmental researchers and
				policy analysts from accessing personally identifiable information;
						(3)creating a disclosure form for students and
				potential students that is distributed when such students complete the common
				financial reporting form under section 483, and as a part of the exit
				counseling process under section 485(b), that—
							(A)informs the students that any title IV
				grant or loan the students receive will be included in the National Student
				Loan Data System, and instructs the students on how to access that
				information;
							(B)describes the categories of individuals or
				entities that may access the data relating to such grant or loan through the
				data system, and for what purposes access is allowed;
							(C)defines and explains the categories of
				information included in the data system;
							(D)provides a summary of the provisions of the
				Federal Educational Rights and Privacy Act of 1974 and other applicable Federal
				privacy statutes, and a statement of the students' rights and responsibilities
				with respect to such statutes;
							(E)explains the measures taken by the
				Department to safeguard the students' data; and
							(F)includes other information as determined
				appropriate by the Secretary;
							(4)requiring guaranty agencies, eligible
				lenders, and eligible institutions of higher education that enter into an
				agreement with a potential student, student, or parent of such student
				regarding a loan under part B, D, or E, to inform the student or parent that
				such loan shall be—
							(A)submitted to the data system; and
							(B)accessible to guaranty agencies, eligible
				lenders, and eligible institutions of higher education determined by the
				Secretary to be authorized users of the data system;
							(5)regularly reviewing the data system
				to—
							(A)delete inactive users from the data
				system;
							(B)ensure that the data in the data system are
				not being used for marketing purposes; and
							(C)monitor the use of the data system by
				guaranty agencies and eligible lenders to determine whether an agency or lender
				is accessing the records of students in which the agency or lender has no
				existing financial interest; and
							(6)developing standardized protocols for
				limiting access to the data system that include—
							(A)collecting data on the usage of the data
				system to monitor whether access has been or is being used contrary to the
				purposes of the data system;
							(B)defining the steps necessary for
				determining whether, and how, to deny or restrict access to the data system;
				and
							(C)determining the steps necessary to reopen
				access to the data system following a denial or restriction of
				access.
							;
				and
			(3)by striking subsection (e) (as redesignated
			 by paragraph (1)) and inserting the following:
				
					(e)Reports to Congress
						(1)Annual reportNot later than September 30 of each fiscal
				year, the Secretary shall prepare and submit to the appropriate committees of
				Congress a report describing—
							(A)the results obtained by the establishment
				and operation of the National Student Loan Data System authorized by this
				section;
							(B)the effectiveness of existing privacy
				safeguards in protecting student and parent information in the data
				system;
							(C)the success of any new authorization
				protocols in more effectively preventing abuse of the data system;
							(D)the ability of the Secretary to monitor how
				the system is being used, relative to the intended purposes of the data system;
				and
							(E)any protocols developed under subsection
				(d)(6) during the preceding fiscal year.
							(2)Study
							(A)In generalThe Secretary shall conduct a study
				regarding—
								(i)available mechanisms for providing students
				and parents with the ability to opt in or opt out of allowing eligible lenders
				to access their records in the National Student Loan Data System; and
								(ii)appropriate protocols for limiting access
				to the data system, based on the risk assessment required under subchapter III
				of chapter 35 of title 44, United States Code.
								(B)Submission of studyNot later than 3 years after the date of
				enactment of the Student Financial Aid Data
				Privacy Protection Act, the Secretary shall prepare and submit a
				report on the findings of the study to the appropriate committees of
				Congress.
							.
			
