116th CONGRESS 2d Session |
To explicitly make unauthorized access to Department of Education information technology systems and the misuse of identification devices issued by the Department of Education a criminal act.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “Stop Student Debt Relief Scams Act of 2019”.
(a) In General.—Section 490 of the Higher Education Act of 1965 (20 U.S.C. 1097) is amended by adding at the end the following:
“(e) Access to Department of Education Information Technology Systems for fraud, commercial advantage, or private financial gain.—Any person who knowingly uses an access device, as defined in section 1029(e)(1) of title 18, United States Code, issued to another person or obtained by fraud or false statement to access Department information technology systems for purposes of obtaining commercial advantage or private financial gain, or in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State, shall be fined not more than $20,000, imprisoned for not more than 5 years, or both.”.
(b) Guidance.—The Secretary shall issue guidance regarding the use of access devices in a manner that complies with this Act, and the amendments made by this Act.
(c) Effective date of penalties.—Notwithstanding section 6, the penalties described in section 490(e) of the Higher Education Act of 1965 (20 U.S.C. 1097), as added by subsection (a), shall take effect the day after the date on which the Secretary issues guidance regarding the use of access devices, as described in subsection (b).
Section 485(b) of the Higher Education Act of 1965 (20 U.S.C. 1092(b)) is amended—
(1) in clause (viii), by striking “and” after the semicolon; and
(2) by adding at the end the following:
“(I) the borrower may be contacted during the repayment period by third-party student debt relief companies;
“(II) the borrower should use caution when dealing with those companies; and
“(III) the services that those companies typically provide are already offered to borrowers free of charge through the Department or the borrower's servicer; and”.
SEC. 4. Prevention of improper access.
Section 485B of the Higher Education Act of 1965 (20 U.S.C. 1092b) is amended—
(1) by redesignating subsections (e) through (h) as subsections (f) through (i), respectively;
(A) in paragraph (5)(C), by striking “and” after the semicolon;
(B) in paragraph (6)(C), by striking the period at the end and inserting “; and”; and
(C) by adding at the end the following:
“(7) preventing access to the data system and any other system used to administer a program under this title by any person or entity for the purpose of assisting a student in managing loan repayment or applying for any repayment plan, consolidation loan, or other benefit authorized by this title, unless such access meets the requirements described in subsection (e).”;
(3) by inserting after subsection (d) the following:
“(e) Requirements for third-Party data system access.—
“(1) IN GENERAL.—As provided in paragraph (7) of subsection (d), an authorized person or entity described in paragraph (2) may access the data system and any other system used to administer a program under this title if that access—
“(A) is in compliance with terms of service, information security standards, and a code of conduct which shall be established by the Secretary and published in the Federal Register;
“(B) is obtained using an access device (as defined in section 1029(e)(1) of title 18, United States Code) issued by the Secretary to the authorized person or entity; and
“(C) is obtained without using any access device (as defined in section 1029(e)(1) of title 18, United States Code) issued by the Secretary to a student, borrower, or parent.
“(2) AUTHORIZED PERSON OR ENTITY.—An authorized person or entity described in this paragraph means—
“(A) a guaranty agency, eligible lender, or eligible institution, or a third-party organization acting on behalf of a guaranty agency, eligible lender, or eligible institution, that is in compliance with applicable Federal law (including regulations and guidance); or
“(B) a licensed attorney representing a student, borrower, or parent, or another individual who works for a Federal, State, local, or Tribal government or agency, or for a nonprofit organization, providing financial or student loan repayment counseling to a student, borrower, or parent, if—
“(i) that attorney or other individual has never engaged in unfair, deceptive, or abusive practices, as determined by the Secretary;
“(ii) that attorney or other individual does not work for an entity that has engaged in unfair, deceptive, or abusive practices (including an entity that is owned or operated by a person or entity that engaged in such practices), as determined by the Secretary;
“(iii) system access is provided only through a separate point of entry; and
“(iv) the attorney or other individual has consent from the relevant student, borrower, or parent to access the system.”; and
(4) in subsection (f)(1), as redesignated by paragraph (1)—
(A) in subparagraph (A), by striking “student and parent” and inserting “student, borrower, and parent”;
(B) by redesignating subparagraphs (C) and (D) as subparagraphs (D) and (E), respectively;
(C) by inserting after subparagraph (B) the following:
“(C) the reduction in improper data system access as described in subsection (d)(7);”; and
(D) by striking subparagraph (E), as redesignated by subparagraph (B), and inserting the following:
“(E) any protocols, codes of conduct, terms of service, or information security standards developed under paragraphs (6) or (7) of subsection (d) during the preceding fiscal year.”.
SEC. 5. Agency prevention and detection.
Section 141(b)(2) of the Higher Education Act of 1965 (20 U.S.C. 1018(b)(2)) is amended by adding at the end the following:
“(C) Taking action to prevent and address the improper use of access devices, as described in section 485B(d)(7), including by—
“(i) detecting common patterns of improper use of any system that processes payments on Federal Direct Loans or other Department information technology systems;
“(ii) maintaining a reporting system for contractors involved in the processing of payments on Federal Direct Loans in order to allow those contractors to alert the Secretary of potentially improper use of Department information technology systems;
“(iii) proactively contacting Federal student loan borrowers whose Federal student loan accounts demonstrate a likelihood of improper use in order to warn those borrowers of suspicious activity or potential fraud regarding their Federal student loan accounts; and
“(iv) providing clear and simple disclosures in communications with borrowers who are applying for or requesting assistance with Federal Direct Loan programs (including assistance or applications regarding income-driven repayment, forbearance, deferment, consolidation, rehabilitation, cancellation, and forgiveness) to ensure that borrowers are aware that the Department will never require borrowers to pay for such assistance or applications.”.
This Act, and the amendments made by this Act, shall take effect on the date that is 180 days after the date of enactment of this Act.
Passed the Senate December 1, 2020.
Attest:
Secretary
| |||||
AN ACT | |||||
To explicitly make unauthorized access to Department of Education information technology systems
and the misuse of identification devices issued by the Department of
Education a criminal act. |