Data Sharing Policy

Financial Aid Data Sharing and Safeguarding Policy Agreement

Table of Contents

  • Purpose and Introduction
  • Federal Tax Information Data Defined
  • WSU SFS Internal Policies to Safeguard FAFSA and FTI Information
    • Federal System Usage to Access Financial Aid and/or FTI Data
    • PeopleSoft Access for Financial Aid Data
    • Accessing FAFSA, Financial aid, and/or FTI Data
    • Passwords, Tokens and Privacy
    • Printing Data and Maintaining Print Copies of Financial Aid and/or FTI Data
    • Student Financial Services Financial Aid Data Sharing Policy Agreement

Purpose and Introduction

Student and parent data that is received from the FAFSA (Free Application for Federal Student Aid) is highly confidential. Access to that data, including but not limited to income and asset information, social security numbers, tax data, and special circumstances is protected under several laws. These include:

  • FERPA (Family Educational Rights and Privacy Act)
  • Sections 483(a)(3)(E) and 485B(d)(2) of the Higher Education Act (HEA), as amended
  • Beginning with the 2024/25 FAFSA cycle, the Internal Revenue Code (IRC) of 1986, as amended

This Financial Aid Data Sharing and Safeguarding Policy Agreement outlines the guidelines and procedures for the responsible sharing of financial aid-related data specifically at Washington State University (WSU). This agreement is designed to ensure the confidentiality, integrity, and appropriate use of financial aid data while facilitating necessary sharing among authorized entities for legitimate purposes. Washington State University (WSU) is committed to compliance with these laws and protecting the privacy of the sensitive information that is required to administer financial aid programs. This policy was developed to ensure a shared understanding of data laws, policies, and best practices for all WSU employees who are granted access to these data.

Access to financial aid data is controlled, as required by law. The Assistant Vice Provost of Student Financial Services (SFS) as well as Associate Director of Operations and Compliance for SFS are the Functional Leads for determining one’s financial aid access. In addition, the Associate Director of Operations and Compliance in SFS is designated as the Primary Destination Point Administrator (PDPA) for granting and maintaining appropriate access to federal financial aid systems, including but not limited to NSLDS, COD, FAA Access to CPS (soon to be called “FPS”), FAFSA Partner Connect, and SAIG mailboxes. The Associate Director of systems is the Secondary DPA and can also perform these duties.

NEW Federal Tax Information (FTI) governed by the Internal Revenue Code: Additional information about this change is available in Electronic Announcement (EA) GEN 23-24, published by Federal Student Aid on May 13, 2023. Beginning with the 2024/25 FAFSA cycle, Federal Student Aid (an office of the US Department of Education) has established a direct data exchange between the FAFSA and the IRS to transfer tax information. As a result of this direct data exchange, any data elements that are obtained from the IRS are classified as FTI and are subject to stricter data security guidelines than FAFSA data elements. It is important that all WSU employees with access to the following data elements understand that unauthorized inspection of or disclosure of a tax return or tax return information is punishable as a felony and subject to fines and imprisonment. Taxpayers may also bring civil action against an officer or employee of the university who has “inspected or disclosed, knowingly or by reason of negligence” taxpayer information.

FTI data subject to IRC, as defined in EA GEN 23-24, includes:

  • Tax Year (ex. Award Year 2024/25 is based on 2022 tax year information from the IRS
  • Tax Filing Status (e.g. “Head of Household”, “Married Filing Jointly”, etc.)
  • Adjusted Gross Income (AGI)
  • Number of Exemptions and Number of Dependents
  • Income Earned from Work
  • Tax Paid
  • Educational Credits
  • Untaxed IRA Distributions
  • IRA Deductible and Payments
  • Tax Exempt Interest
  • Untaxed Pension Amounts
  • Schedule C Net Profit/Loss
  • Indicators for Schedules A, B, D, E, F, H
  • IRS Response Code from ISIR

WSU SFS Internal Policies to Safeguard FAFSA and FTI Information

Any university staff members with access to financial aid, FAFSA, and/or FTI information must adhere to the following:

Federal System Usage to Access Financial Aid and/or FTI Data

Requests for access to NSLDS, COD, FAA Access to CPS (FPS), SAIG, or FSA Partner Connect are sent via email to the SFS Associate Director of Operations and Compliance with the employees immediate supervisor copied.

Access will be reviewed and, if granted, The PDPA will request for personal information from the user in order to complete the appropriate paperwork. The user will then review and sign the documents required by Federal Student Aid.

As soon as an employee is no longer employed in their current role and their role changes to no longer require access to federal student aid systems, and/or transfers to another department at WSU, the direct supervisor must notify the Associate Director of Operations and Compliance in SFS so that access can be removed promptly. This is in addition to each department’s process to deactivate PeopleSoft and Email access.

PeopleSoft Access for Financial Aid Data

The security process for access to financial aid data in PeopleSoft currently begins with a request to the Crimson Service Desk. Based on the specific request those managing the email tickets will add what they believe to be appropriate roles and then a workflow is sent through to the SFS AVP and Associate Director of Operations and Compliance for functional approval. In this request the approver can also submit a decline and state the reason why the access was declined.

Accessing FAFSA, Financial aid, and/or FTI Data

Every record accessed that contains financial aid/FTI data must be based on a business need-to-know and must be for the purpose of administering federal financial aid, state aid, and/or institutional aid. Data may not be viewed for any other purpose, including reviewing one’s own record or that of their dependent. The SAI (derived FAFSA data) and other FAFSA data may be disclosed to staff in other university offices provided that their activity is considered under that application, award, and administration of student financial aid programs. If receiving a request to provide all ISIR information to a student written consent is not needed as both the applicant and the contributor through the FAFSA form have consented to the disclosure and discussion of FTI data, however it must only be those that contributed to the completion of the FAFSA form.

Employees must not use their professional access to view their own file or that of a family member. If you come across a file of a family member, notify your direct supervisor to have the file routed to another member of the team. Though most of these cases do not cause an actual conflict of interest, even the perception of preferential treatment should be avoided.

Passwords, Tokens and Privacy

All passwords that provide access to financial aid and/or FTI data are intended for the designated employee only. Passwords and Federal Student Aid tokens must not be shared, and staff must not use their password to log anyone into any system with financial aid and/or FTI information. If an employee or student employee needs access to a system to complete their job, they should go through the process to request access. Supervisors may email to request access to specific PeopleSoft screens and may email the SFS Associate Director of Operations and Compliance to request access to Federal Student Aid systems (e.g. NSLDS, COD). As a best practice, passwords should not be written down in a place that can be accessed by anyone other than the employee. To safeguard data from unintentional viewing from another person, it is best practice to avoid viewing financial aid and/or FTI data on a computer that is viewable to someone else. Also, it is a good idea to lock your computer anytime you leave your desk. It is also expected that all employees will comply with WSU’s data privacy and electronic data access security policies.

Printing Data and Maintaining Print Copies of Financial Aid and/or FTI Data

In general, staff should be careful when printing sensitive data, to ensure it is not left unattended on a printer or left somewhere unintentionally. Any printed document that contains Financial Aid and/or FTI data must be stored securely. It must not be left out, whether on a desk or in an unlocked cabinet when the employee is not using it. At the end of each workday, any papers with Financial Aid and/or FTI data must be stored in a locked unit or shredded.

Student Financial Services Financial Aid Data Sharing Policy Agreement

All Washington State University employees with access to any financial aid data must sign the following agreement. This agreement only needs to be completed once.

Financial Aid Data Sharing Agreement link for WSU employees