Gaann Pia 2012

Privacy Impact Assessment

for the

Graduate Assistance in Areas of National Need (GAANN)

Performance Report System

Date

April 3, 2012

Contact Point

System Owner: Katie Blanding, Director, SSB

Author: Rebecca Green, GAANN Program Manager

Office of Postsecondary Education

U.S. Department of Education

1. What information will be collected for the system (e.g., name, SSN, address, income info, etc.)?

The Graduate Assistance in Areas of National Need (GAANN) program is a program that awards fellowships through academic institutions of higher education. Both the Annual Performance Report (APR) and the Final Performance Report (FPR) collect individual student records provided by the grantee institution. The individual student records contain such information as the student’s name, citizenship status, race and ethnicity, and education and financial data.

2. Why is this information being collected (i.e., how is this information necessary to the purpose of the program?).

The information contained in this system is being collected to assist in monitoring grantee performance and to determine program outcomes in response to the requirements of the Government Performance and Results Act (GPRA). GPRA does not specifically require the collection of individual participant records with personal information. However, to determine if the goals of the program are being met, the academic progress of program participants must be tracked over multiple years. Collecting name, citizenship, race and ethnicity, student education and financial information is the most reliable method for tracking a student during the grant period to determine program effectiveness and grantee compliance. Although the collection of this information is not required by statute, it serves a distinct business need of the Department. The collection of this information serves as an identifier for matching participant records during the period of the grant and tracking those students during the grant period. The information collected is compiled for the three program goals:

1) Graduate school completion: the percentage of GAANN Fellows completing the terminal degree in the designated areas of national need;

2) Enrollment of targeted populations: the percentage of GAANN Fellows from traditionally underrepresented groups; and

3) Time-to-Degree: the median time to completion of Master’s and Doctorate degrees for GAANN students.

Grantees are required to submit a supplement to the FPR two years after the expiration of their GAANN grant. This will provide updated academic and employment outcomes of each GAANN Fellow reported on the FPR submitted two years earlier. The information collected will allow the program to demonstrate the efficiency and effectiveness of the program.

3. How will this information be used (e.g., to verify existing data)?

The Department of Education (Department) uses APR and FPR data to: (1) evaluate program accomplishments; (2) demonstrate program effectiveness, and (3) aid in compliance monitoring.

Collecting performance report data on an annual basis provides the Department with the ability to assess each grantee’s progress in meeting the program’ s goals and objectives and to determine compliance with the statute and program regulations. APR and FPA data has also been instrumental in determining whether grantees are entitled to continuation funding by analyzing financial data submitted by grantees.

The data collected from the FPR also produces data for the web-based software platform the Department uses that extrapolates data from the FPR in a consistent format. This data enables the Department to meet the requirements of GPRA.

With the updates provided to the supplemental FPR two years after a grant ends, we will be able to capture updated academic and employment status for fellows previously reported. This will provide the Department with an opportunity to collect more complete performance data for GPRA.

4. Will this information be shared with any other agency or entity? If so, with which agency or agencies/entities?

Department staff and one contractual employee have shared access to the performance-based data. The contractual employee maintains a web-based database to collect APR and FPR data and to develop reports to meet the requirements of GPRA.

5. Describe the notice or opportunities for consent that are provided to individuals about what information is collected and how that information is used or shared (e.g., posted Privacy Notice).

Institutions of higher education that receive a GAANN grant are required to submit APR and FPR data. These OMB approved documents require grantees to submit student-level data on each student served. Institutions that use the program’s web-based software must read a statement, and login to access the system used for data collection. Prior to gaining access to the system, grantees must read the following notices:

Warning

This is a United States Department of Education computer system, which may be accessed and used only for official Government business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil, and/or administrative action.

Use of this network constitutes consent to monitoring, retrieval, and disclosures of any information stored within the network for any purpose including criminal prosecution.

Privacy Act

This system contains personal information protected under the provisions of the Privacy Act of 1974, 5 U.S.C. § 552a -- as amended. Violations of the provisions of the Act may subject the offender to criminal penalties.

6. How will the information be secured?

Performance-based data submitted by grantees contains confidential student-based information. This information is collected through a secured Website that meets the Departments’ rules and standards for security of sensitive data. The data reside in a secured facility in a secured server behind a Department approved firewall system that continuously monitors for intrusion and unauthorized access. The IT contractor security staff is notified of Windows security updates and view server security status reports and applies updates as needed and uses anti-virus software on all servers and workstations.

The data collection site requires grantees to log in with a Department issued login ID and password. All screens and data transfers are encrypted and transmitted using HTTPS protocols. The IT contractor transfers the data to the analysis contractor via a secured FTP site. As with the IT contractor, the data analysis contractor’s security program is compliant with federal government regulation and NIST standards.

Only contractor staff that supports the data collection or data analysis and a small number of Department staff are allowed access to the data. Contractor staff has appropriate security clearances and also signs confidentiality and non-disclosure agreements to protect against unauthorized disclosure of confidential information.

7. Is a system of records being created or updated with the collection of this information under the Privacy Act?

No. This is an update of the PIA submitted with the information clearance in 2009. The information collected is compiled to show grantee progress. We do not intent to have a system of records. One is not being created.