Consumer confidence in the ability of companies to protect their users’ private data is falling. Yet, while applying for college financial aid often requires families to submit an incredible amount of personal information online — including tax details and Social Security numbers — there are protections in place for information submitted on the Free Application for Federal Student Aid, or FAFSA.
Financial data and student information provided to the U.S. Department of Education and higher education institutions are subject to numerous restrictions. The Gramm-Leach-Bliley Act, for example, protects the security and confidentiality of customer financial information, and the Family Educational Rights and Privacy Act, or FERPA, protects the privacy of student education records.
However, these protections aren’t perfect. Students and families can still fall victim to threats like identity theft; phishing attempts that aim to steal users’ personal information; and data brokers that collect and sell details about consumers while they are applying for financial aid, particularly when seeking out private scholarships and other aid, says Amelia Vance, director of youth and education privacy at the Future of Privacy Forum, a nonprofit supporting privacy research and advancement. And data breaches do happen, she says.
“Even the best protected institutions and largest institutions can be hacked by someone proactively going after that information,” she says. “There are definitely concerns, but over the past several years the landscape has changed.”
In 2017, the IRS Data Retrieval Tool, which families can use to import tax information to the FAFSA, was shut down because of a data breach that compromised the personal information of as many as 100,000 taxpayers. Since then, the tool has been reinstated with some security changes, most significantly that student and parent information is encrypted and hidden from view on both the IRS website and on the FAFSA webpages.
More recently, in October 2019, the Department of Education released a feature that hides a student’s Social Security number when he or she begins a FAFSA form without a username and password. Additionally, steps have been taken to simplify the FAFSA application process by allowing for more direct sharing of information from the IRS.
“The IRS tends to be above and beyond protective and have in place really, really strong security systems and backups to those security systems,” Vance says. “FSA (Federal Student Aid) and the Department of Education have had more problems with security as internal audits have shown, but the unintended benefit of FAFSA simplification may well be that those security concerns are less present because there is less data going between agencies that is self-entered or approved by students themselves.”
Brian Kelly, director of the cybersecurity program at EDUCAUSE, a nonprofit association of IT professionals addressing challenges within higher education, says that the greater concern with student data and privacy when applying for financial aid is human error.
“Think of the FAFSA as that data you are entering there is going into a vault. As a parent, as a consumer, working with the FAFSA is as secure as it would be working with any other sort of banking and investment institution,” Kelly says.
More concerning, he says, are issues outside of the official FAFSA form. “We always think about those things we as humans don’t do well on, like the password they use to create the login for the FAFSA — it shouldn’t be their social media password, it shouldn’t be their favorite sports team or their dog’s name, which could be easily found on social media,” he says.
Experts say a few best practices will go a long way toward keeping information secure:
— Passwords should be unique and kept up to date.
— Internet browsers like Safari, Firefox and Chrome should be updated regularly.
— Families should avoid opening emails requesting personal information or clicking emailed links that seem suspicious.
— Specific to the FAFSA, students and parents should never share their FSA ID — which serves as an electronic signature — with someone else, even college counselors.
Once a college or university receives a family’s financial information, the sharing of that information remains limited.
“Because of the use restriction, even within the institution itself, they can’t use the FAFSA data for other reasons,” says Karen McCarthy, director of policy analysis at the National Association of Student Financial Aid Administrators.
“So say if a professor wanted a list of all of the students in his class who were receiving Pell Grants. That professor would not be able to get that information because that FAFSA data and the use of that data would not be for aid purposes,” she says.
While information is generally considered secure when applying for federal student aid, seeking and applying for private scholarships and loans can be riskier. There are fewer legal protections in place for these applicants, and it can be challenging to separate legitimate scholarship organizations from websites and emails looking to collect and sell student data, Vance says.
“Worry about any website that is not official and not the FAFSA. Double check that it’s not a phishing scheme,” she says. “That ‘low interest private loan for college’ in your inbox, and especially those scholarship websites that are asking for incredibly intimate information, a lot of those websites can be fronts for data brokers.”
Is Your Data Safe When Applying for Financial Aid? originally appeared on usnews.com