[Federal Register Volume 82, Number 151 (Tuesday, August 8, 2017)]
[Notices]
[Pages 37089-37094]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-16658]


-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION

[Docket ID ED-2017-FSA-0056]


Privacy Act of 1974; System of Records

AGENCY: Federal Student Aid, Department of Education.

ACTION: Notice of a new and rescinded system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the Department of Education (Department) publishes this 
notice of a new system of records entitled ``Integrated Partner 
Management'' (IPM) system (18-11-21), and a rescinded system of records 
entitled ``Postsecondary Education Participants System'' (PEPS) (18-11-
09).

DATES: Submit your comments on this proposed new and rescinded system 
of records notice on or before September 7, 2017.
    The Department has filed a report describing the new system of 
records covered by this notice with the Chair of the Senate Committee 
on Homeland Security and Governmental Affairs, the Chair of the House 
Committee on Oversight and Government Reform, and the Acting 
Administrator of the Office of Information and Regulatory Affairs, 
Office of Management and Budget (OMB), on July 7, 2017. This new and 
rescinded system of records will become effective upon publication in 
the Federal Register on August 8, 2017, unless the new and rescinded 
system of records needs to be changed as a result of public comment or 
OMB review. The routine uses listed under ``ROUTINE USES OF RECORDS 
MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF 
SUCH USES'' will become effective on September 7, 2017, unless the new 
system of records notice needs to be revised as a result of OMB review 
or public comment. The Department will publish any changes to the 
system of records or routine uses that result from public comment or 
OMB review.

[[Page 37090]]


ADDRESSES: Submit your comments through the Federal eRulemaking Portal 
or via postal mail, commercial delivery, or hand delivery. We will not 
accept comments submitted by fax or by email or those submitted after 
the comment period. To ensure that we do not receive duplicate copies, 
please submit your comments only once. In addition, please include the 
Docket ID and the term ``Integrated Partner Management'' at the top of 
your comments.
     Federal eRulemaking Portal: Go to www.regulations.gov to 
submit your comments electronically. Information on using 
Regulations.gov, including instructions for accessing agency documents, 
submitting comments, and viewing the docket, is available on the site 
under the ``Help'' tab.
     Postal Mail, Commercial Delivery, or Hand Delivery: If you 
mail or deliver your comments about this system of records, address 
them to: Michele Brown, Director, Technical and Business Support 
Service Group, Program Compliance, Federal Student Aid, U.S. Department 
of Education, 830 First Street NE., Union Center Plaza (UCP), Room 
82D4, Washington, DC 20202. Telephone: (202) 377-3203.
    Privacy Note: The Department's policy is to make all comments 
received from members of the public available for public viewing in 
their entirety on the Federal eRulemaking Portal at 
www.regulations.gov. Therefore, commenters should be careful to include 
in their comments only information that they wish to make publicly 
available.
    Assistance to Individuals with Disabilities in Reviewing the 
Rulemaking Record: On request, we will provide an appropriate 
accommodation or auxiliary aid to an individual with a disability who 
needs assistance to review the comments or other documents in the 
public rulemaking record for this notice. If you want to schedule an 
appointment for this type of accommodation or aid, please contact the 
person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Michele Brown, Director, Technical and 
Business Support Service Group, Program Compliance, Federal Student 
Aid, U.S. Department of Education, 830 First Street NE., Union Center 
Plaza (UCP), Room 82D4, Washington, DC 20202. Telephone: (202) 377-
3203.
    If you use a telecommunications device for the deaf (TDD) or a text 
telephone (TTY), you may call the Federal Relay Service, toll free, at 
1-800-877-8339.

SUPPLEMENTARY INFORMATION:

Introduction

    The Privacy Act (5 U.S.C. 552a(e)(4) and (11)) requires each 
Federal agency to publish in the Federal Register a notice of a new and 
rescinded system of records. The Department's regulations implementing 
the Privacy Act are contained in the Code of Federal Regulations (CFR) 
in 34 CFR part 5b.
    The Privacy Act applies to information about an individual that is 
maintained in a system of records from which information is retrieved 
by a unique identifier associated with the individual, such as a name 
or Social Security number (SSN). The information about the individual 
is called a ``record,'' and the system, whether manual or computer 
based, is called a ``system of records.''
    The Privacy Act requires Federal agencies to publish a notice of a 
new system of records in the Federal Register and to submit a report to 
OMB whenever the agency publishes a new system of records or makes a 
significant change to an established system of records. Each agency is 
also required to send copies to the Chair of the Senate Committee on 
Homeland Security and Governmental Affairs and the Chair of the House 
Committee on Oversight and Government Reform. These reports are 
intended to permit an evaluation of the probable or potential effect of 
the proposal on the privacy rights of individuals.
    The Privacy Act also requires Federal agencies to publish in the 
Federal Register a notice of rescindment when an agency stops 
maintaining a previously established system of records, but the 
rescission is not within the purview of subsection (r) of the Privacy 
Act; therefore, it is not required to be reported to OMB and Congress.
    The Department identifies the PEPS system of records (18-11-09), as 
published in the Federal Register on June 4, 1999 (64 FR 30106, 30171-
30173), and as amended on December 27, 1999 (64 FR 72384, 72405), to be 
rescinded because some of the records covered by this system of records 
will be maintained in the Department's IPM system (18-11-21). The 
Department takes this action so that it does not maintain duplicate 
systems of records.
    The IPM system is a web-accessible system created by the Department 
to support eligibility determination and enrollment of entities seeking 
to participate in student aid programs under title IV of the Higher 
Education Act of 1965, as amended (HEA), and to oversee those entities' 
compliance with title IV, HEA's statutory and regulatory requirements.
    The IPM system contains information on individuals with substantial 
ownership interests in, or control over, authorized entities 
(postsecondary schools, lenders, guaranty agencies, or third-party 
servicers that participate in title IV, HEA student financial aid 
programs) regarding the eligibility, administrative capabilities, and 
financial responsibility of the schools, lenders, guaranty agencies, 
and third-party servicers. Such information includes, but is not 
limited to, the names, taxpayer identification numbers, bank account 
numbers, SSNs, personal identification numbers, personal addresses, 
personal phone numbers, and personal email addresses of the individuals 
with substantial ownership interests in, or control over, those 
entities.
    The IPM system also contains information about individuals 
affiliated with authorized entities who request electronic access to 
title IV, HEA, Federal Student Aid (FSA) systems. Such information 
includes, but is not limited to, the individual's name, SSN, date of 
birth, address, phone number, and authentication information (user ID, 
password, and security challenge questions and answers).
    The IPM system will integrate a number of core partner management 
functions to deliver significant improvements from both a cost and 
customer satisfaction perspective. The partner management functions 
include enrollment, eligibility, and oversight processes used to manage 
partner entities as they administer title IV financial assistance. The 
IPM system will integrate the services currently provided by legacy 
systems into a single IPM solution. This integration will take an end-
to-end view of FSA's entire partner eligibility and oversight business, 
which includes the following legacy systems: Postsecondary Education 
Participants System (PEPS), Electronic Application for Approval to 
Participate in Federal Student Financial Aid Programs (eApp), eZ-Audit, 
Integrated Partner Management Document Management (IPM DM), and 
Lender's Application Process (LAP). The benefits of integrating these 
legacy systems will include:
     Improved workflow automation to ensure timely completion 
of partner eligibility and enrollment processes;
     Improved efficiency in case management;
     A seamless repository of information;
     A scalable and configurable platform that will provide 
maximum flexibility to meet future needs;

[[Page 37091]]

     Reduced risks from leveraging current technologies to 
replace outdated and unsupported technologies;
     An established base of secure and accessible information;
     More efficient processes to meet internal and external 
reporting requirements;
     Improved overall program quality by reducing errors; and
     Reduction of the risk of FSA failing to detect a non-
compliant partner.
    Upon implementation of the IPM system, the PEPS legacy systems will 
be retired. However, some legacy systems may be kept alive for a short 
period of time to ensure the continued operation of our business until 
the new IPM system is fully functional.
    Accessible Format: Individuals with disabilities can obtain this 
document in an accessible format (e.g., braille, large print, 
audiotape, or compact disc) on request to the program contact person 
listed under FOR FURTHER INFORMATION CONTACT.
    Electronic Access to This Document: The official version of this 
document is the document published in the Federal Register. Free 
internet access to the official edition of the Federal Register and the 
Code of Federal Regulations is available via the Federal Digital System 
at: www.gpo.gov/fdsys. At this site you can view this document, as well 
as all other documents of this Department published in the Federal 
Register, in text or Portable Document Format (PDF). To use PDF you 
must have Adobe Acrobat Reader, which is available free at the site.
    You may also access documents of the Department published in the 
Federal Register by using the article search feature at: 
www.federalregister.gov. Specifically, through the advanced search 
feature at this site, you can limit your search to documents published 
by the Department.

    Dated: August 3, 2017.
Matthew D. Sessa,
Acting Chief Operating Officer, Federal Student Aid.
    For the reasons discussed in the preamble, the Acting Chief 
Operating Officer of Federal Student Aid (FSA) of the U.S. Department 
of Education (Department) publishes a notice of a new and a rescinded 
system of records to read as follows:
RESCINDED SYSTEM NAME AND NUMBER:
    Postsecondary Education Participants System (PEPS) (18-11-09) 
published in the Federal Register on June 4, 1999 (64 FR 30106, 30171-
30173), and amended on December 27, 1999 (64 FR 72384, 72405).

NEW SYSTEM NAME AND NUMBER:
    Integrated Partner Management (IPM) system (18-11-21).

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Federal Student Aid Virtual Data Center (VDC), Dell Systems, Plano 
Technology Center, 2300 West Plano Parkway, Plano, TX 75075.
    Effective December 2017, the Department expects to relocate the IPM 
system to: Hewlett Packard Enterprise Services Mid-Atlantic Data Center 
(HPES MDC), Federal Student Aid Next Generation Data Center (FSA NGDC), 
250 Burlington Drive, Clarkesville, VA 23927.

SYSTEM MANAGER:
    Program Director, Integrated Partner Management, Federal Student 
Aid, U.S. Department of Education, 830 First Street NE., Room 82D4, 
Washington, DC 20202.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The data collected and stored in the IPM system is authorized under 
sections 131, 481, 487, and 498 of the Higher Education Act of 1965, as 
amended (HEA) (20 U.S.C. 1088, 1094, 1099c), and the Debt Collection 
Improvement Act of 1996 (31 U.S.C. 7701). The collection of Social 
Security numbers (SSNs) in this system is authorized by 31 U.S.C. 7701 
and Executive Order 9397 (November 22, 1943), as amended by Executive 
Order 13478 (November 18, 2008).
    The Government Paperwork Elimination Act (GPEA), Public Law 105-
277, 44 U.S.C. 3504 note, Title XVII, Section 1704, requires agencies, 
by October 21, 2003, to provide the option of electronic submission of 
information by the public when practicable. The Freedom to E-File Act, 
E-Government Act, and the President's Management Agenda authorize 
eGovernment functions as alternatives to traditional paper-based 
processes.

PURPOSE(S) OF THE SYSTEM:
    The information contained in the IPM system will be used for the 
purposes of determining initial and continued eligibility, 
administrative capability, and financial responsibility of 
postsecondary schools, lenders, and guaranty agencies that participate 
in title IV, HEA student assistance programs, and third-party servicers 
contracted by these entities; tracking changes to those entities; 
maintaining a history of this information for all entities that have 
ever applied to participate or have participated in these programs; 
documenting any protective or corrective action against an entity or an 
individual associated with the entity; and establishing the identity of 
individuals who request access to title IV, HEA Federal student aid 
systems.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The IPM system contains records about individual owners (either 
solely or as partners or shareholders), officials, and individuals 
acting as authorized agents of postsecondary institutions, lenders, and 
guaranty agencies that participate in the student assistance programs 
authorized under title IV of the HEA; members of boards of directors or 
trustees of such entities; employees of foreign entities that evaluate 
the quality of education; employees of third-party servicers, including 
contact persons, that contract with schools, lenders, or guaranty 
agencies; and individuals affiliated with authorized entities who 
request electronic access to title IV, HEA student assistance systems.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records in the IPM system will include, but are not limited to, 
names, taxpayer identification numbers (TINs), and bank account numbers 
of individuals with substantial ownership interests in, or control 
over, schools, lenders, guaranty agencies, or third party servicers. 
The IPM system will also contain SSNs, personal identification numbers 
assigned by the Department, personal addresses, personal phone numbers, 
and personal email addresses of the individuals with substantial 
ownership interests in, or control over, those entities.
    Records for individuals affiliated with authorized entities 
(schools, lenders, guaranty agencies, or third-party servicers) who 
request electronic access to title IV, HEA student assistance systems 
will also be included in the system. Such information will include, but 
is not limited to, the individual's name, SSN, and date of birth, 
address, phone number, and authentication information (User ID and 
password).

RECORD SOURCE CATEGORIES:
    Information is obtained from applications submitted by 
postsecondary institutions and other entities that seek to participate 
in the student financial assistance programs and from components of the 
Department; from other Federal, State, Tribal, and local governmental 
agencies; and from non-governmental agencies and organizations that 
acquire information relevant to the purposes of the IPM system.

[[Page 37092]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The Department may disclose information contained in a record in 
this system of records under the routine uses listed in this system of 
records without the consent of the individual when the disclosure is 
compatible with the purposes for which the record was collected. These 
disclosures may be made on a case-by-case basis or, if the Department 
has complied with the computer matching requirements of the Privacy Act 
of 1974, as amended (Privacy Act), under a computer matching agreement 
(CMA).
    The routine uses for the IPM system are as follows:
    (1) Program Purposes. The Department may disclose information 
contained in the IPM system to appropriate guaranty agencies, 
educational and financial institutions, accrediting agencies, State 
agencies, and appropriate Federal, State, or local agencies, in order 
to verify and assist with the determination of eligibility, 
administrative capability, and financial responsibility of 
postsecondary institutions that have applied to participate in the 
student financial assistance programs.
    (2) Enforcement Disclosure. In the event that information in this 
system of records indicates, either on its face or in connection with 
other information, a violation or potential violation of any applicable 
statute, regulation, or order of a competent authority, the Department 
may disclose the relevant records in the IPM system, as a routine use, 
to the appropriate agency, whether foreign, Federal, State, Tribal, or 
local, charged with the responsibility of investigating or prosecuting 
such violation or charged with enforcing or implementing the statute, 
or executive order or rule, regulation, or order issued pursuant 
thereto.
    (3) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
    (a) Introduction. In the event that one of the parties listed below 
is involved in judicial or administrative litigation or alternative 
dispute resolution (ADR), or has an interest in judicial or 
administrative litigation or ADR, the Department may disclose records 
in the IPM system to the parties described in paragraphs (b), (c), and 
(d) of this routine use under the conditions specified in those 
paragraphs:
    (i) The Department, or any component of the Department;
    (ii) Any Department employee in his or her official capacity;
    (iii) Any employee of the Department in his or her individual 
capacity where the Department of Justice (DOJ) has agreed to or has 
been requested to provide or arrange for representation for the 
employee;
    (iv) Any employee of the Department in his or her individual 
capacity where the Department has agreed to represent the employee; or
    (v) The United States, where the Department determines that the 
litigation is likely to affect the Department or any of its components.
    (b) Disclosure to the Department of Justice. If the Department 
determines that disclosure of certain records to the DOJ is relevant 
and necessary to the judicial or administrative litigation or ADR, the 
Department may disclose those records as a routine use to the DOJ.
    (c) Adjudicative Disclosure. If the Department determines that 
disclosure of certain records to an adjudicative body before which the 
Department is authorized to appear, or to an individual or entity 
designated by the Department or otherwise empowered to resolve or 
mediate disputes, is relevant and necessary to the judicial or 
administrative litigation or ADR, the Department may disclose those 
records as a routine use to that adjudicative body, entity, or 
individual.
    (d) Disclosure to Parties, Counsel, Representatives, or Witnesses. 
If the Department determines that disclosure of certain records to a 
party, counsel, representative, or witness is relevant and necessary to 
judicial or administrative litigation or ADR, the Department may 
disclose those records as a routine use to the party, counsel, 
representative or witness.
    (4) Employment, Benefit, and Contracting Disclosure.
    (a) For decisions by the Department. The Department may disclose 
records to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement or other pertinent records, or 
to another public authority or professional organization, if necessary 
to obtain information relevant to a Department decision concerning the 
hiring or retention of an employee or other personnel action, the 
issuance of a security clearance, the letting of a contract, or the 
issuance of a license, grant, or other benefit.
    (b) For decisions by Other Public Agencies and Professional 
Organizations. The Department may disclose records to a Federal, State, 
local, or foreign agency or other public authority or professional 
organization, in connection with the hiring or retention of an employee 
or other personnel action, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit, to the extent that the record is relevant and necessary to the 
receiving entity's decision on the matter.
    (5) Employee Grievance, Complaint, or Conduct Disclosure. The 
Department may disclose a record in the IPM system to another agency of 
the Federal government if the record is relevant to a complaint, 
grievance, disciplinary, or competency determination proceeding 
regarding a present or former employee of the Department. The 
disclosure may only be made during the course of the proceeding.
    (6) Labor Organization Disclosure. The Department may disclose a 
record in the IPM system to an arbitrator to resolve disputes under a 
negotiated grievance procedure or to officials of labor organizations 
recognized under 5 U.S.C. chapter 71 when relevant and necessary to 
their duties of exclusive representation.
    (7) Freedom of Information Act (FOIA) and Privacy Act Advice 
Disclosure. The Department may disclose records to the DOJ or the 
Office of Management and Budget (OMB) if the Department concludes that 
disclosure is desirable or necessary in determining whether particular 
records are required to be disclosed under the FOIA or the Privacy Act.
    (8) Disclosure to the Department of Justice. The Department may 
disclose records to the DOJ to the extent necessary for obtaining DOJ 
advice on any matter relevant to an audit, inspection, or other inquiry 
related to the programs covered by this system.
    (9) Contract Disclosure. If the Department contracts with an entity 
for the purpose of performing any function that requires disclosure of 
records in this system to employees of the contractor, the Department 
may disclose the records to those employees. Before entering into such 
a contract, the Department shall require the contractor to maintain 
Privacy Act safeguards as required under 5 U.S.C. 552a(m) with respect 
to the records in the system.
    (10) Research Disclosure. The Department may disclose records to a 
researcher if an appropriate official of the Department determines that 
the individual or organization to which the disclosure would be made is 
qualified to carry out specific research related to functions or 
purposes of this system of records. The official may disclose records 
from this system of records to that researcher solely for the purpose 
of carrying out that research related to the functions or purposes of 
this system of records. The researcher shall be required to maintain 
Privacy Act

[[Page 37093]]

safeguards with respect to the disclosed records.
    (11) Congressional Member Disclosure. The Department may disclose 
records to a member of Congress from the record of an individual in 
response to an inquiry from the member made at the written request of 
that individual. The member's right to the information is no greater 
than the right of the individual who requested it.
    (12) Disclosure to the Office of Management and Budget for Credit 
Reform Act (CRA) Support. The Department may disclose records to OMB as 
necessary to fulfill CRA requirements.
    (13) Feasibility Study Disclosure. The Department may disclose 
information from this system of records to other Federal agencies, and 
to guaranty agencies and to their authorized representatives, to 
determine whether computer matching programs should be conducted by the 
Department for purposes such as to locate a delinquent or defaulted 
debtor or to verify compliance with program regulations.
    (14) Disclosure for Use by Other Law Enforcement Agencies. The 
Department may disclose information to any Federal, State, local, or 
foreign agency or other public authority responsible for enforcing, 
investigating, or prosecuting violations of administrative, civil, or 
criminal law or regulation if that information is relevant to any 
enforcement, regulatory, investigative, or prosecutorial responsibility 
within the receiving entity's jurisdiction.
    (15) Disclosure in the Course of Responding to a Breach of Data. 
The Department may disclose records from this system to appropriate 
agencies, entities, and persons when: (a) The Department suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (b) the Department has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or harm to the security or integrity of this system or 
other systems or programs (whether maintained by the Department or 
another agency or entity) that rely upon the compromised information; 
and (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm.
    (16) Disclosure in Assisting Another Agency in Responding to a 
Breach of Data. The Department may disclose records from this system to 
another Federal agency or entity when the Department determines that 
information from this system of records is reasonably necessary to 
assist the recipient agency or entity (1) responding to a suspected or 
confirmed breach or (2) preventing, minimizing, or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs, and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    (17) Disclosure to Third Parties through Computer Matching 
Programs. Unless otherwise prohibited by other laws, any information 
from this system of records, including personal information obtained 
from other agencies through computer matching programs, may be 
disclosed to any third party through a computer matching program that 
is conducted under a computer matching agreement between the Department 
and the third party, and requires that the matching be conducted in 
compliance with the requirements of the Privacy Act. The purposes of 
these disclosures may be: (a) To establish or verify program 
eligibility and benefits; (b) to establish or verify compliance with 
program regulations or statutory requirements, such as to investigate 
possible fraud or abuse; and (c) to recoup payments or delinquent debts 
under any Federal benefit programs, such as to locate or take legal 
action against a delinquent or defaulted debtor.
    (18) Disclosure of Information to U.S. Department of the Treasury 
(Treasury). The Department may disclose records of this system to (a) a 
Federal or State agency, its employees, agents (including contractors 
of its agents), or contractors, or (b) a fiscal or financial agent 
designated by the Treasury, including employees, agents, or contractors 
of such agent, for the purpose of identifying, preventing, or recouping 
improper payments to an applicant for, or recipient of, Federal funds, 
including funds disbursed by a State in a State-administered, federally 
funded program; and disclosure may be made to conduct computerized 
comparisons for this purpose.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records are maintained in electronic data files on the IPM 
system servers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records in this system are indexed by the name of the 
institution or organization, and may be retrieved by an identifying 
number, such as, but not limited to, the Routing ID (RID) of the 
organization, the Entity Identification Number (EIN), or Partner ID or 
Data Universal Numbering System (DUNS) of the entity; or the name, SSN, 
or the TIN of an individual associated with the institution or 
organization.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained for 30 years after the final action is 
completed in accordance with the Department's records retention and 
disposition schedule 074 FSA Guaranty Agency, Financial & Education 
Institution Eligibility, Compliance, Monitoring and Oversight Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    In accordance with the Federal Information Security Management Act 
of 2002, as amended by the Federal Information Security Modernization 
Act of 2014 (FISMA), every Federal Student Aid information system must 
receive a signed Authority to Operate (ATO) from a designated official. 
The ATO process includes a rigorous assessment of security controls, a 
plan of action and milestones to remediate any identified deficiencies, 
and a continuous monitoring program.
    The IPM system controls include a combination of FISMA management, 
operational, and technical controls, including the following control 
families: Access control, awareness and training, audit and 
accountability, security assessment and authorization, configuration 
management, contingency planning, identification and authentication, 
incident response, maintenance, media protection, physical and 
environmental protection, planning, personnel security, privacy, risk 
assessment, system and services acquisition, system and communications 
protection, system and information integrity, and program management.
    All physical access to the Department's Virtual Data Center system 
is controlled and monitored by security personnel who check each 
individual entering the building for his or her employee or visitor 
badge. The computer system employed by the Department offers a high 
degree of resistance to tampering and circumvention. This security 
system limits data access to staff of the Department, schools, 
guarantors, authorized third-party servicer employees, lenders, 
accrediting agencies, State agencies, and

[[Page 37094]]

Department contractors on a ``need-to-know'' basis, and controls 
individual users' ability to access and alter records within the 
system. All users of this system of records are given a unique user ID 
with personal identifiers. All interactions by individual users with 
the system are recorded.

RECORD ACCESS PROCEDURES:
    You may gain access to any records in the IPM system that pertain 
to you. This is done by contacting the system manager and following the 
procedures for notification listed above. You must meet the 
requirements of 34 CFR 5b.5.

CONTESTING RECORD PROCEDURES:
    You may contest the content of a record in the IPM system 
pertaining to you by presenting to the system manager, either in 
writing or in person, a request to amend or correct that information. 
The request to amend, or for an appointment to present an oral request, 
must be made in writing mailed to the system manager at the address 
provided above. The request must identify the particular record within 
the IPM system that you wish to have changed, state whether you wish to 
have the record amended, corrected, or rescinded, and explain the 
reasons why you wish to have the record changed. Your request must meet 
the requirements of the Department's Privacy Act regulations at 34 CFR 
5b.7.

NOTIFICATION PROCEDURES:
    If you wish to determine whether a record exists regarding you in 
the IPM system, provide the system manager with your name, date of 
birth, and SSN. Your request must meet the requirements of the 
regulations at 34 CFR 5b.5, including proof of identity. You may 
address your request, or present that request in person, to the system 
manager at the address above.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Disclosures pursuant to 5 U.S.C. 552a(b)(12) (as set forth in 31 
U.S.C. 3711(e)): Disclosures may be made from this system to ``consumer 
reporting agencies,'' as defined in the Fair Credit Reporting Act (15 
U.S.C. 1681a(f)) or the Debt Collection Improvement Act (31 U.S.C. 
3701(a)(3)).

EXEMPTIONS PROMULATED FOR THE SYSTEM:
    None.

HISTORY:
    Pursuant to the requirements of OMB Circular No. A-108, the last 
full Federal Register publication of the PEPS system of records (18-11-
09), which this system of records rescinds and replaces, was published 
in the Federal Register on June 4, 1999 (64 FR 30106, 30171-30173), and 
amended on December 27, 1999 (64 FR 72384, 72405).

[FR Doc. 2017-16658 Filed 8-7-17; 8:45 am]
BILLING CODE 4000-01-P