Statement of Purpose

The purpose of this rule is to set forth the guidelines governing the protection of financial aid data under applicable statutory and regulatory provisions and guidance.

This rule applies to all University employees, students, contractors, consultants, and any other party or persons acting on behalf of or at the direction of the University.

Definitions

1. ED - The U.S. Department of Education
2. FSA - Federal Student Aid, which is an office of ED
3. FAFSA - Free Application for Federal Student Aid
4. ISIR - Institutional Student Information Record and is an electronic federal output document that creates a summary per student from data submitted on the FAFSA
5. SAI - Student Aid Index
6. EFC - Expected Family Contribution
7. IRS - Internal Revenue Service
8. Federal Financial Aid Data
   1. FTI Data - Federal Tax Information Data and it includes any Federal tax return information received from the IRS by ED under applicable statutory and regulatory provisions.
   2. FAFSA Data - All applicant and contributor information provided on the FAFSA that is not directly provided by the IRS
9. Derived FAFSA Data - (1) the calculated metric or index (e.g., SAI or EFC) as defined by applicable statutory and regulatory provisions; and (2) Federal Pell Grant information
10. Other Non-FAFSA Data - other data elements collected or received by the institution in the financial aid application and/or financial aid eligibility evaluation process that may be governed by alternative statutory and regulatory provisions
11. Application, Award, and Administration of Aid - The administrative and business functions necessary to deliver federal, state, and institutional financial aid efficiently and effectively to students.
12. Written Consent - A separate, written document that is signed and dated (which may include by electronic format) by an applicant in accordance with applicable statutory and regulatory provisions and guidance
13. NIST - National Institute of Standards and Technology
14. CUI - Controlled Unclassified Information and is an information category used to classify and protect sensitive data, including FTI. CUI is subject to specific confidentiality protections and regulatory requirements
15. CUI//SP-TAX - Controlled Unclassified Information/Specified Tax. FTI is classified as CUI//SP-TAX, indicating its status as Controlled Unclassified Information, Specified Tax category
16. PII - Personally Identifiable Information and includes:
    1. The student’s name;
    2. The name of the student’s parent or other family member;
    3. The address of the student or student’s family;
    4. A personal identifier, such as the student’s social security number or student number;
    5. A list of personal characteristics that would make the student’s identity easily traceable; or
    6. Other information that would make the student’s identity easily traceable.
17. Party - An individual, agency, institution, or organization

Permitted Disclosure and Use Provisions

1. FTI Data - FTI Data is considered CUI//SP-TAX and shall be labeled as such wherever it is stored and used. FTI Data shall only be accessed, used, and disclosed in accordance with applicable statutory and regulatory provisions and guidance. Examples include, but may not be limited to:
   1. Application, Award, and Administration of Aid.
   2. Disclosure permitted to other parties as defined by the student but only for the purpose of applying for and receiving Federal, State, Local, or Tribal Assistance toward cost of attendance.
   3. Disclosure permitted directly to the applicant upon their request.
   4. Audits conducted by ED.
   5. Permissible situations with Written Consent.
2. FAFSA Data & Derived FAFSA Data - FAFSA Data and Derived FAFSA Data shall only be accessed, used and disclosed in accordance with applicable statutory and regulatory provisions and guidance. Examples include, but may not be limited to:
   1. Application, Award, and Administration of Aid
   2. Disclosure permitted to other parties as defined by the student but only for the purpose of applying for and receiving Federal, State, Local, or Tribal Assistance toward cost of attendance.
   3. Disclosure permitted directly to the applicant upon their request.
   4. Audits conducted by ED.
   5. Permissible situations with Written Consent.
   6. Used for research that does not release PII on an applicant to promote college attendance, persistence, and completion
3. Other Non-FAFSA Data - Other Non-FAFSA Data might have more flexibility in disclosure and use with applicable statutory and regulatory provisions and guidance. Examples include, but are not limited to:
   1. Student Admission Records
   2. Unmet need
   3. Loan Disbursement Records
   4. Enrollment
   5. Other financial aid data and information

University Personnel Access, Guidelines and Restrictions

1. It is the responsibility of all personnel with access to protected data within this rule to maintain confidentiality and adhere to all applicable statutory and regulatory provisions and guidance.
2. The Chief Financial Aid Officer as designated by the Federal Student Aid Electronic Application, or their designee, is the owner of the data and responsible for determining access.
3. Only authorized personnel within the institution or entities working on our behalf shall have access to the protected data within this rule.
4. Access to this data shall be granted on a case-by-case basis by the designee established by the institution in accordance with applicable statutory and regulatory provisions and guidance.
5. The institution will implement appropriate technical, physical, and administrative safeguards to protect the data outlined in this rule in accordance with applicable statutory and regulatory provisions and guidance. These measures shall be intended to comply with industry best practices.
6. The institution shall implement appropriate training for all who are granted access. Regular training and sessions and updates shall be provided to ensure ongoing awareness and compliance.
7. Any violations of this rule shall be reported to the appropriate authorities within the institution.