The GAO conducted an audit of the Department of Education’s Office of Federal Student Aid, and its partnership with with various entities that are involved primarily in supporting the repayment and collection of student loans, including loan servicers, collection agencies, guaranty agencies, and lending institutions that made loans to students in the past and continue to service those loans.
GAO found that although FSA established oversight policies and procedures for loan servicers and private collection agencies that generally address these key practices, it exercises minimal oversight of lenders’ protection of student data.
FSA officials maintain that the lenders are subject to other legal and regulatory requirements for protecting customer data. However, FSA does not have a process for ensuring lenders are complying with these requirements, and thus lacks assurance that appropriate risk-based safeguards are being effectively implemented, tested, and monitored.
GAO recommends several measures for FSA to take to address this.