Report: ED shares personal student data

High school seniors who tap the government’s online student aid application to find relief for soaring college tuitions should approach with caution. The private information disclosed on such forms—including social security number, financial status, and legal history—is shared with agencies outside the U.S. Department of Education (ED), including the Justice Department, the Pentagon, and even private companies such as debt collectors.

A report released Oct. 30 by congressional investigators found that government agencies frequently share information gleaned from various federal applications—sometimes without the applicant’s knowledge of where it might go. And it’s legal.

“People are generally unaware of all of the sharing,” said Ari Schwartz of the Center for Democracy and Technology (CDT), a civil liberties organization based in Washington, D.C.

The information sharing ranges from passport application data—which can be shared with foreign governments—to details on student loan applications. The law requires that agencies receiving the applicant’s form must disclose how they use the information.

ED spokeswoman Stephanie Babyak said applicants are told in detail on the paper and electronic forms of their applications that information will be shared. They list some, but not all, federal agencies that will receive information, but they don’t always specify what outside companies also might see it.

She said such sharing of information is needed to process the application.

“Sharing with the other agencies is necessary in order to confirm a student’s eligibility,” Babyak said.

The General Accounting Office (GAO), Congress’s investigative arm, checked four often-used government forms to see how the agencies collected and shared information both inside and outside of government. The report listed all the ways agencies share personal data, some of which are not explicitly listed on the form itself.

Much of the sharing is owing to “computer matching agreements,” a way to automate routine checks.

For example, ED gives information on financial aid applicants to:

  • The Justice Department to see if they have been convicted of a drug-related offense.
  • The Department of Veteran’s Affairs to check a veteran’s eligibility status for student aid.
  • The Selective Service System to make sure a male applicant has registered for the draft.
  • The Immigration and Naturalization Department to see if an applicant is eligible for federal benefits.

If an applicant is delinquent on a federal loan, application information goes to a private collection bureau. ED also sends the student’s personal financial information to state agencies to coordinate student aid.

While ED admitted it shares data about student aid applicants with other federal agencies, the department was unable to specify at press time whether ED employs the same communal approach to private information from other applications, including those for education grants.

No question, federal information-sharing agreements and the convenience of sharing computer data make swapping Americans’ most sensitive personal information easy to do.

“It’s becoming much easier to share information across multiple databases,” said Mihir Kshirsagar, a policy analyst for the Electronic Privacy Information Center. But technology, he said, is making it more difficult for applicants to control which agencies have access to the information once it is submitted.

Despite concerns, investigators found the agencies largely complied with federal information sharing and privacy regulations as they stand today.

“These four agencies’ handling of personal information varied greatly—including the types and amount collected—and a wide range of personnel had access to the information,” investigators wrote. “We did, however, note isolated instances of forms that were not accurate or current, and other forms that did not contain the proper privacy notices.”

The four forms investigated were ED’s student aid request, Agriculture’s standard loan form for farmers, Labor’s federal worker’s compensation form, and a passport application from the State Department.

The sharing is allowed under an exception in the Privacy Act, which protects a person’s information from sharing without prior consent. Called the “routine use exception,” agencies must make a public statement in the Federal Register every time they want to share data in a new way.

But CDT’s Schwartz said the disclosure doesn’t make it easier for applicants to figure out.

“There’s [a new Federal register notice] every day, they’re very difficult to read, and [such privacy disclosures are] listed vaguely,” Schwartz said. “It’s the easiest place to claim an exemption.”

Legislation proposed by Sen. Joseph Lieberman, D-Conn., who requested the GAO report, would require more detailed privacy impact statements on such databases. The Senate has passed the bill and the House is expected to take it up after the election recess.

Even though the agencies must tell applicants how their information will be used, applicants are usually left with a Hobson’s choice: Either provide the information and watch it be shared throughout the government and elsewhere, or don’t apply and forego the student aid, passport, or other service.

The GAO also found that many federal employees at the individual agencies can see the information that is shared. Up to 13 different types of State Department workers—from civil service clerks and foreign workers at U.S. embassies to employees at Mellon Bank, which handles some passport renewals—have access to passport application data, for example.

Schwartz said privacy concerns are likely to increase as the government relies more on digital forms.

“We need to make sure that the Privacy Act is kept up to date and [is] still relevant,” he said.


U.S. Department of Education

General Accounting Office

Center for Democracy and Technology

Sen. Joseph Lieberman

Electronic Privacy Information Center

Want to share a great resource? Let us know at