From the U.S. Government Accountability Office, www.gao.gov Transcript for: Protecting Students' Information When Applying for Federal Student Aid Description: The Education Department and schools gather personal information on the millions of students receiving aid each year. How well is that information protected? Related GAO Work: GAO-18-121: Federal Student Aid: Better Program Management and Oversight of Postsecondary Schools Needed to Protect Student Information Released: December 2017 [ Background Music ] [ Nick Marinos: ] The ultimate responsibility is on the school to report when it identifies a breach to the Department of Education. [ Sarah Kaczmarek: ] Welcome to GAO's Watchdog Report, your source for news and information from the U.S. Government Accountability Office. I'm Sarah Kaczmarek. The U.S. Department of Education oversees the award of billions of dollars in federal aid to millions of students each year. To do this, the department, universities, colleges, and other institutions gather and share a wide variety of personal information, including sensitive items like Social Security numbers. Recently, I sat down with Nick Marinos, a director in our Information Technology team, to talk about GAO's new report on the protection of student aid information. First, I asked Nick what information do schools and the Department of Education collect from students, and what do they do with that information? [ Nick Marinos: ] So, as you're probably aware, the department oversees the award of billions of dollars in financial student assistance on an annual basis to millions of eligible students. In order to make that happen, they have to collect a substantial amount of information, not only on the students, but also on family members and others. For example, you know, students have to apply using the Free Application for Student Aid, the FAFSA form, and that form requests a lot of information on the students, themselves, including Social Security number, driver's license number, citizenship status, drug convictions they may have, and savings account information. But, they also request information regarding their parents, too--similar information, Social Security number, as well as asset information, too. [ Sarah Kaczmarek: ] And, have there been any big data breaches of students', or also, parents' personal information? [ Nick Marinos: ] So, between 2013 and 2016, 13 schools reported physical or electronic data breaches to the department, so they're required to provide that information to the department. Those breaches included students' personal information being available for public viewing, a stolen laptop that contained students' names, informations, transcript information, as well as medical files being removed from a school during a building break in. Now, out of 6,200 schools, 13 doesn't sound like a lot, but keep in mind that it seems like on a weekly basis that we hear about significant data breaches, both in the public and private sectors, so the risk is high when you've got large amounts of data. [ Sarah Kaczmarek: ] So, in mentioning these data breaches, if I put myself in the perspective of a student or a parent who's put in my personal information to apply for federal student aid, and I think my information may have been compromised, what are my options here? [ Nick Marinos: ] So, ultimately, in order to receive student financial aid, you're going to have to fill out forms and provide that information. The ultimate responsibility is on the school to report when it identifies a breach to the Department of Education. [ Sarah Kaczmarek: ] So, let's talk more about the schools and the department. What are they doing to safeguard people's information, and where are they falling short? [ Nick Marinos: ] We went out with a survey to several hundred schools to get a sense of exactly that, and what we found is that the vast majority, over 95 percent, said that they had policies in place for how they're going to manage that information, and how to protect it, as well. And, those policies, however, when we looked at some selected schools, didn't always meet expectations. For example, there were cases where actually putting down information on how they're going to protect the information was vague or unclear. On the department side, there is a responsibility to proactively oversee these schools to ensure that they are adequately protecting the information, and we saw the department fall short in that area. [ Background Music ] [ Sarah Kaczmarek: ] With data breaches regularly in the news, I was curious about what might be done to reduce that potential threat. I asked Nick to walk me through his team's recommendations to better protect students' and parents' personal information. [ Nick Marinos: ] We made seven recommendations to the Department of Education, summarizing them kind of in two buckets. The first is recommendations for FSA, for the Federal Student Aid office, to improve its own policies and procedures on how it manages and protects information that it collects on students. And then second, for it to improve its oversight activities, to make sure that it has procedures in place, and they're going out and looking at how the schools themselves are adequately protecting the personal information that they also maintain. [ Sarah Kaczmarek: ] So, taking a step back, looking at the bottom line here, what do you see is the key takeaway or message, especially for students and parents, from your report? [ Nick Marinos: ] I think the bottom line is that it takes a whole lot of personal information to make the student financial assistance programs work and, as a result, what we found was that there are definitely needed improvements to be made, both in how the Department of Education manages that information, itself, and how it ensures that participating schools are protecting the information that they also maintain. [ Background Music ] [ Sarah Kaczmarek: ] Thanks for listening to the Watchdog Report. To hear more podcasts, subscribe to us on Apple Podcasts. [ Background Music ] [ Sarah Kaczmarek: ] For more from the congressional watchdog, the U.S. Government Accountability Office, visit us at GAO.gov.