The Washington Post
Sunday 15 April 2007
Improper searches raise privacy fears.
Some lending companies with access to a national database that contains confidential information on tens of millions of student borrowers have repeatedly searched it in ways that violate federal rules, raising alarms about data mining and abuse of privacy, government and university officials said.
The improper searching has grown so pervasive that officials said the Education Department is considering a temporary shutdown of the government-run database to review access policies and tighten security. Some worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations.
Students' Social Security numbers, e-mail addresses, phone numbers, birth dates and sensitive financial information such as loan balances are in the database, which contains 60 million student records and is covered by federal privacy laws. "We are just in shock that student data could be compromised like this," said Nancy Hoover, director of financial aid at Denison University in Ohio.
Education Department spokeswoman Katherine McLane said the agency has spent more than $650,000 since 2003 to safeguard the database. The department has blocked thousands of users that it deemed unqualified for access after security reviews, McLane said, and it has blocked 246 users from the student loan industry for inappropriately accessing the data.
In general, the department allows lenders to search records in the database only if they have a student's permission or a financial relationship with the student.
The department has been "vigilant in its monitoring for unauthorized uses" of the database, McLane said.
Concerns about possible abuses of the database are emerging as the student loan industry is under investigation by congressional Democrats and the New York attorney general. Critics say the $85 billion-a-year industry has cozied up to government and university officials who are in a position to help lenders.
This month, a previously obscure Education Department official named Matteo Fontana was suspended after the revelation that he owned more than $100,000 worth of stock in a student loan company while he worked in a unit that helped oversee the industry - and the student loan database. The stock holding raised questions about a possible violation of conflict-of-interest rules.
The database, known as the National Student Loan Data System, was created in 1993 to help determine whether students are eligible for student aid and to assist in collecting loan payments. About 29,000 university financial aid administrators and 7,500 loan company employees have access to it.
In a recent meeting with university financial aid directors, Theresa S. Shaw, chief operating officer of the department's Office of Federal Student Aid, which manages the database, said lenders have been mining it for student data with increasing frequency, according to three participants at the meeting. In the department's hierarchy, Shaw ranks above Fontana.
"She said the data mining had gotten out of co'trol, and they were trying to tone it down," said Eileen K. O'Leary, director of student aid and finance at Stonehill College in Massachusetts, who was at the Feb. 26 session. "They'd seen the mining for a few years, but now they felt it had grown exponentially."
The department first started noticing a problem in mid-2003 when loan consolidation became more popular, according to an agency official who spoke on condition of anonymity because of the sensitivity of the matter. As companies began to aggressively look for low-risk borrowers to target for consolidation plans, they turned to the database for prospective customers, the official said.
Database users can view only one student record at a time, and the department can monitor each time they view an entry. "When we see them go in and out very quickly, that's when it raises flags" about data mining, the official said. Such abuse would violate department rules.
Officials grew so concerned that in April 2005, the department sent out a letter to database users warning that inappropriate use of the system - in other words, looking for information without authorization - could cause their access to be revoked. The letter said the agency was "specifically troubled" that lenders were giving unauthorized users - such as marketing firms, collection agencies and loan brokerage firms - the ability to access the database.
"Information may not be used for any other purpose, including the marketing of student loans or other products," wrote Fontana, then general manager of a unit in the department that oversaw the lending industry.
In August 2005, Cathy H. Lewis, the department's assistant inspector general, echoed those concerns in a memo to Shaw that warned of security problems with the database and the lack of regular audit trails on the system.
Through a spokeswoman, Shaw declined to comment. Fontana did not return telephone calls.
After the warnings, inappropriate usage of the system seemed to decline, according to the department official who requested anonymity. But several months ago, top managers learned that the practice had resumed - "a pattern that's very alarming," the official said.
Some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place, the official said. McLane confirmed that such deliberations are taking place.
It is not certain that the lenders that inappropriately used the database used information from it to market directly to students. Credit bureaus, for instance, also hold personal information on borrowers that can be used to solicit customers.
But department officials believe lenders are probably using the database for marketing, according to three current and former agency employees who spoke on condition of anonymity for fear of retribution. Some university financial aid administrators suspect loan companies are probably targeting students in the database who take out loans directly with the government, known as direct loans.
"The database is being misused by the industry to raid the direct loan portfolio," said Craig Munier, director of scholarships and financial aid at the University of Nebraska at Lincoln, who was at the meeting with Shaw. "It's certainly a misuse of the intended purpose of the information and was certainly not what we intended in the higher education community when we built" the database.
Some financial aid directors say abuse of the database would explain why some students who have taken out loans only directly with the government are deluged by up to a half-dozen solicitations a day from private loan companies.
"Our students are being inundated with marketing from consolidation companies," said O'Leary, of Stonehill College. "How else are the consolidation companies getting our students' information?"
Some financial aid administrators hope inquiries into the student loan industry will extend to the possible abuse of the database.
"We are hoping that a full congressional investigation can happe'," said Hoover, the Denison aid director, who also met with Shaw. "And maybe then we will find out what's really happening."
Kennedy Wants Lenders Blocked From Data
By Amit R. Paley
The Washington Post
Monday 16 April 2007
Request comes amid scramble to protect student information.
The chairman of the Senate education committee urged the Bush administration yesterday to block student loan companies from accessing a national database that holds confidential information on tens of millions of students.
The request by Sen. Edward M. Kennedy (D-Mass.), came after The Washington Post reported on inappropriate searches of the database that could violate federal rules and raise concerns about data mining and abuses of privacy.
The problem has so alarmed officials at the U.S. Department of Education that they are considering a temporary shutdown of the system, which contains 60 million student records.
"Until the security of the database can be ensured, I urge you to block the use of the database by private lenders," Kennedy wrote in a letter to Education Secretary Margaret Spellings.
The database, known as the National Student Loan Data System, contains Social Security numbers, e-mail addresses, phone numbers, birth dates and other sensitive financial information covered by federal privacy laws. Some worry that loan companies are trolling the system for marketing data they can use to bombard students with mass mailings.
Spokeswoman Katherine McLane said the department has spent more than $650,000 and hired a full-time employee to safeguard the system. She said the agency has already blocked thousands of users that it deemed unqualified for access after security reviews.
"The department takes these matters very seriously and invests significant planning and resources to enhance security and protect the data entrusted to it," she said in an e-mail.
Both Kennedy and Rep. George Miller (D-Calif.), chairman of the House education committee, said they would look into the management and security of the database. Kennedy asked the department to provide documents from the past five years on security breaches of the system.
"Students have a right to the strictest privacy when they provide their personal information to the federal government," Miller said in a statement. "Reports of this privacy being abused raise extremely serious questions about the Department of Education's efforts to safeguard the privacy of millions of students."
-------
No comments:
Post a Comment