|
|
PRIVACY POLICY AND PRIVACY IMPACT ASSESSMENT For
The FSAdownload Website
|
Thank
you for visiting the FSAdownload website and reviewing our privacy
policy. We do not collect any personal information about you on this
website, but we do collect non-personal information about your visit.
|
1.
What is the FSAdownload Website and Its Principal Purpose?
The FSAdownload Website (also called the "Website" in this
assessment) is a product of Federal Student Aid (FSA) of the U.S.
Department of Education (ED). FSAdownload is the Internet location
where we post announcements; software and associated documents; and
technical references and guides about ED's student financial aid products
for financial aid administrators (FAAs) to download.
You
can visit the Website at: www.FSAdownload.ed.gov.
|
2.
What Information is Being Collected on the FSAdownload Website and
How Is It Used?
No information is collected on the Website that either directly
identifies an individual user of the Website (i.e. Social Security
Number, name, address or other identifying number or code, telephone
number, or e-mail address) or that is intended to be used to identify
a specific user of the Website in conjunction with any other data.
Instead of collecting privacy protected information, the Website
is a repository of announcements, software, and other written reference
materials which can be reviewed or downloaded to the FAA's personal
computer.
Non-personal
Information We Record - (Use of Cookies)
No cookies (small text files that generally are placed on your hard
drive whenever you access a given domain) or other tracking technology
are used on the Website.
If
you do nothing during your visit but browse through the Website,
read pages, or download information, our Website's operating system
will automatically record some general information about your visit.
During
your visit, our web operating system will record:
-
The Internet domain for your Internet service, such as "xcompany.com"
or "xcompany.net" if you use a private Internet access
account, or "yourinstitution.edu" if you connect from
a college or university domain;
- The
type of browser (such as "Netscape version x" or "Internet
Explorer version x") that you are using;
- The
type of operating system that you use (such as Macintosh, Unix,
or Windows);
- The
date and time you visit our site, and the web pages that you visit
on our site;
- The
address of the previous website you were visiting, if you reached
our Website through a link from another website rather than reaching
our Website directly.
Personal
information that could identify the user is not collected on this
Website.
Security
and Intrusion Detection
To maintain system security and to make sure the information that
we provide on this Website remains available to all users, we use
special software programs for monitoring network traffic to identify
unauthorized attempts by users to change information in our system,
or to otherwise cause damage to this government computer system.
The security and intrusion detection programs do not collect personally
identifiable information, but they do collect information that could
help us identify someone attempting to tamper with this Website.
Except
for authorized law enforcement investigations, we make no other
attempts to identify individual users or their usage habits. We
only use raw monitoring data logs for determining trends in usage
patterns and for diagnosing system problems.
Links
to Other Sites
Our policy discloses the privacy practices for the FSAdownload Website.
Our Website provides links to other websites. When you leave FSAdownload,
you will be going to other sites that are beyond our control. These
other sites may send their own cookies to users, collect data, or
solicit personal information. The privacy policies and procedures
described here for FSAdownload will not apply to any external links.
We encourage you to read the privacy policies of any site you link
to from ours, especially before you share any personal information.
Be informed. You are the person best qualified to protect your own
privacy.
|
3.
FSA Authority for the Collection of SSN and Other Privacy Protected
Information for the FSAdownload Website.
No information is collected on the Website that either directly
identifies an individual user of the Website (i.e. Social Security
Number, name, address or other identifying number or code, telephone
number, or e-mail address) or that is intended to be used to identify
a specific user of the Website in conjunction with any other data.
|
4.
Rights Under the Privacy Act or Other Applicable Law.
No information is collected on the Website that either directly
identifies an individual user of the Website (i.e. Social Security
Number, name, address or other identifying number or code, telephone
number, or e-mail address) or that is intended to be used to identify
a specific user of the Website in conjunction with any other data.
No personal data is being disclosed to any other system or entity.
|
5.
Voluntary Collection of SSN and Other Privacy Protected Information.
FSAdownload does not collect privacy protected information on a
voluntary basis or otherwise.
|
6.
What If I Choose Not to Use "FSAdownload"?
Use of FSAdownload is strictly voluntary, but the information and
software posted on FSAdownload may not available from another source
or in another format.
|
7.
Security
The completion of system security plans is a requirement of the
Office of Management and Budget (OMB) Circular A-130, "Management
of Federal Information Resources," Appendix III, "Security
of Federal Automated Information Resources," and Public Law
100-235, "Computer Security Act of 1987." The Central
Processing System's (CPS) security plan, which includes the FSAdownload
Website, demonstrates the Website's compliance with the Information
Technology (IT) requirements mandated by Federal law and policy.
The security plan contains details regarding the Risk Assessment
conducted for the Website, as well as the security controls (hardware/software/facilities/personnel)
in place to mitigate any identified risks to the information collected
on the Website. Management, operational, and technical security
controls are in place for the Website, encompassing personnel, physical
environment access, contingency plans, disaster recovery, and identification
and authentication procedures. The Website is currently in the operations/maintenance
phase of the life cycle. As such, the following functions are being
performed: security operations and administration, operational assurance,
audits, and monitoring. The System Security Officer (SSO) for the
Website is Mal Chernow, Management and Program Analyst, (202) 377-3351.
INTRODUCTION
TO PRIVACY IMPACT ASSESSMENT
Section
208 of the E-Government Act of 2002 (P.L. 107-347) requires FSA
to complete a Privacy Impact Assessment (PIA) for each system that
collects information from the public through the Internet.
During the Definition Phase of the FSA Solution Lifecycle, the SSO
ensures that the team completes the attached PIA Questionnaire,
has it reviewed by the Chief Information Officer or equivalent official,
and files the completed form in the system's Security Notebook as
part of the system's documentation. This PIA must also be made available
to the public.
Privacy
Impact Assessment Questionnaire
System Name: The FSAdownload Website
System Owner: William Leith
Privacy Impact Assessment Questionnaire Author: Marya Dennis
Date: [fill-in]
Officials
and organizational components involved in the analysis and review
of the Privacy Impact Assessment included the following: Department
of Education (ED), Federal Student Aid (FSA), FSA CIO, and the SSO
for the FSAdownload Website.
|
1.
What Privacy Protected Information Will Be Collected For The System?
No information is collected on the Website that either directly
identifies an individual user of the Website (i.e. Social Security
Number, name, address or other identifying number or code, telephone
number, or e-mail address) or that is intended to be used to identify
a specific user of the Website in conjunction with any other data.
Non-personal
Information We Record - (Use of Cookies)
No cookies (small text files that generally are placed on your hard
drive whenever you access a given domain) or other tracking technology
are used on the Website.
If you do nothing during your visit but browse through the Website,
read pages, or download information, our Website's operating system
will automatically record some general information about your visit.
During
your visit, our web operating system will record:
- The
Internet domain for your Internet service, such as "xcompany.com"
or "xcompany.net" if you use a private Internet access
account, or "yourinstitution.edu" if you connect from
a college or university domain;
- The
type of browser (such as "Netscape version x" or "Internet
Explorer version x") that you are using;
- The
type of operating system that you use (such as Macintosh, Unix,
or Windows);
- The
date and time you visit our site, and the web pages that you visit
on our site;
- The
address of the previous website you were visiting, if you reached
our Website through a link from another website rather than reaching
our Website directly.
Personal
information that could identify the user is not collected on this
Website.
Security
and Intrusion Detection
For security purposes and to make sure this service remains available
to all users, we use special software programs for monitoring network
traffic to identify unauthorized attempts to upload or change information,
or to otherwise cause damage to this government computer system.
These programs collect no personally identifiable information, but
they do collect information that could help us identify someone
attempting to tamper with the Website.
Except
for authorized law enforcement investigations, we make no other
attempts to identify individual users or their usage habits. We
only use raw monitoring data logs for determining trends in usage
patterns and in diagnosing system problems.
Links
to Other Sites
Our policy discloses the privacy practices for the FSAdownload Website.
But, the Website provides links to other websites. When you leave
the Website, you will be going to sites that are beyond our control.
We try to ensure that links that leave our site are clearly labeled.
These other sites may send their own cookies to users, collect data,
or solicit personal information. The privacy policies and procedures
described here for FSAdownload will not apply to any external links.
We encourage you to read the privacy policies of any site you link
to from ours, especially if you share any personal information.
Be informed. You are the person best qualified to protect your own
privacy.
The
user is not identified in the collection of non-personal information.
|
2.
Why is Privacy Protected Information Being Collected?
No information is collected on the Website that either directly identifies
an individual user
of the Website (i.e. Social Security Number, name, address or other
identifying number or
code, telephone number, or e-mail address) or that is intended to
be used to identify a
specific user of the Website in conjunction with any other data.
|
3.
How Will FSA Use Any Privacy Protected Information Provided?
No information is collected on the Website that either directly identifies
an individual
website user (i.e. Social Security Number, name, address or other
identifying number or
code, telephone number, or e-mail address) or that is intended to
be used to identify a
specific user of the Website in conjunction with any other data.
|
4.
Will Any Privacy Protected Information Collected On This Website Be
Shared With
Any Other Agency or Entity?
No information is collected on the Website that either directly identifies
an individual user
of the Website (i.e. Social Security Number, name, address or other
identifying number or
code, telephone number, or e-mail address) or that is intended to
be used to identify a
specific user of the Website in conjunction with any other data.
|
5.
Describe The Notice or Opportunities For Consent That Would Be or
Are Provided To Individuals About Privacy Protected Information That
Is Collected And How That Information Is Shared With Other Organizations.
The Website is a government agency website that financial aid administrators
from participating institutions of higher education access. Since
no privacy protected information is collected on the Website, notice
or opportunities for consent are not required.
|
6.
How Will The Information Be Secured?
The completion of system security plans is a requirement of the Office
of Management and Budget (OMB) Circular A-130, "Management of
Federal Information Resources," Appendix III, "Security
of Federal Automated Information Resources," and Public Law 100-235,
"Computer Security Act of 1987." The CPS's security plan,
which includes the FSAdownload Website, demonstrates the Website's
compliance with the Information Technology (IT) requirements mandated
by Federal law and policy. The security plan contains details regarding
the Risk Assessment conducted for the Website, as well as the security
controls (hardware/software/facilities/personnel) in place to mitigate
any identified risks to the information collected on the Website.
Management, operational, and technical security controls are in place
for the Website. Those controls encompassing personnel, physical environment
access, contingency plans, disaster recovery, and identification and
authentication procedures. The Website is currently in the operations/maintenance
phase of the life cycle. As such, the following functions are being
performed: security operations and administration, operational assurance,
audits, and monitoring. The SSO for the Website is Mal Chernow, Management
and Program Analyst, (202) 377-3351.
|
7.
Is A System Of Records Being Created Or Updated With The Collection
Of This
Information?
No. It is not necessary because no information is collected on the
Website that either
directly identifies an individual user of the Website (i.e. Social
Security Number, name,
address or other identifying number or code, telephone number, or
e-mail address) or that
is intended to be used to identify a specific user of the Website
in conjunction with any
other data.
|
8.
List The Web Addresses (Known or Planned) That Will Have A Privacy
Policy
http://FSAdownload.ed.gov.
|
|
|