Skip Navigation Federal Student Aid, U.S. Department of Education Common Origination and Disbursement

Privacy on This Website

Thank you for visiting the Common Origination and Disbursement website. Our policy is simple: We collect no personal information about a visitor unless he or she chooses to provide that information to us. When we do collect information, we collect only the information we need to provide assistance. We maintain non-personal information on all authorized users of the system, which are those who have been given a login ID and password, for user account maintenance purposes.

Non-Personal Information That We Collect

If you do nothing but browse our pages during your visit, our website's operating system will automatically record general information about your visit.

Our Web operating system will record the following information:

  • Internet domain of your Internet service provider, such as or, if you use a private internet access account, or, if you connect from a college or university domain

  • Type and version of the web browser that you are using, such as Netscape 6.0 or Internet Explorer 5.0

  • Type of operating system that you are using, such as UNIX, Windows, or MacIntosh

  • Date and time of your visit to our site and the pages that you accessed during your visit

  • Address of the previous website that you were visiting if you linked to us from a website

We use this information for statistical analysis to help us make our site more useful to visitors. We do not record information about individual visitors.


This website uses a "cookie" to help visitors use the web site interactively. A cookie is a small file that a website transfers to the user's computer hard disk, usually for the purpose of tracking the user while he or she is connected to that site.

The cookie on this site does not collect any information about you, only about your browser session. The cookie makes it easier for you to use the dynamic features of these webpages, without having to provide the same information over and over again as you move from one page to another. This site uses a "session" cookie so that the information about your session is destroyed automatically shortly after you close your browser -- it is not permanently stored on your computer.

To protect your privacy, be sure to close your browser completely after you have finished conducting business with a website that uses cookies. If you are concerned about the potential use of information gathered from your computer by cookies, you can set your browser to prompt you before it accepts a cookie. Most Internet browsers have settings that let you identify and reject cookies.

Privacy Act Notice

The information contained in the Common Origination and Disbursement system is subject to the Privacy Act of 1974 (as amended). The Common Origination and Disbursement system contains information about private citizens who are receiving federal student financial aid. The U.S. Department of Education and its partners are committed to protecting the privacy of this information. By entering this system, you agree that you are currently an authorized user of the Common Origination and Disbursement system, and that you will comply with the Privacy Act of 1974 (as amended).

As an authorized user of the Common Origination and Disbursement system, you and your school or organization are subject to the Privacy Act of 1974 (as amended), and must, under penalty of law, protect the data contained in this system from unauthorized use. As an authorized user of this system, and by requesting the loan records of borrowers, you agree to the responsibility of protecting the privacy of the students and their loan information.

The information that we maintain about authorized users of the Common Origination and Disbursement system is also protected by the Privacy Act of 1974 (as amended). Authorized user information will not be used for any purpose other than to maintain a listing of current users, the school they are associated with, and their contact information.

Security and Intrusion Detection

For security purposes and to ensure that this service remains available to all authorized users, we use special software programs for monitoring network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage to this government computer system. These programs collect no personally-identifiable information about visitors, do collect information that could help us identify someone attempting to tamper with this website. Except for authorized law enforcement investigations, we make no attempts to identify visitors of this website.

Unauthorized attempts to upload information or change information on this system are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986, and the National Information Infrastructure Protection Act of 1996.

Information You Provide by Contacting Us

If you contact us by sending an electronic mail (e-mail) message, the message will usually contain your return e-mail address. If you include personally-identifying information in your e-mail because you want us to assist you with a specific problem, we may use that information in contacting other federal agencies or our partners, such as colleges, lenders, or state agencies. In other limited circumstances, such as requests from Congress or other parties, we may be required by law to disclose information that you submit.


Section 208 of the E-Government Act of 2002 (P.L.107-347) requires FSA to complete a Privacy Impact Assessment for each new system that collects information from the public through the Internet.

During the Definition Phase of the FSA Solution Lifecycle, the System Security Officer must make sure that the team completes the attached Privacy Impact Assessment Questionnaire, must have it reviewed by the Chief Information Officer or equivalent official, and must file the completed form in the system�s Security Notebook as part of the system�s documentation. This Privacy Impact Assessment must also be made publicly available.

Privacy Impact Assessment Questionnaire

System Name: Common Origination and Disbursement (COD)
System Owner: Keith Wilson
System Manager: William Leith
System Security Officer: Don Dorsey
Privacy Impact Assessment Questionnaire Author: Don Dorsey
Date: 1/22/2008

Officials and organizational components involved in the analysis and review of the Privacy Impact Assessment included the following: Department of Education Office of the Chief Information Officer, Federal Student Aid (FSA) CIO Computer Security Officer, and COD management, including the System Security Officer.

  1. What information will be collected for the system (Ex. Name, Social Security Number, annual income, etc)?
    1. The COD system receives, processes and stores privacy act related data, such as names, social security numbers, current address, date of birth, place of birth, telephone numbers, and dollar amounts.
    2. The general public does not have access to COD.

  2. Why is this information being collected?
  3. The information is provided by the student applicants and the schools participating in the Title IV Higher Education Student Financial Aid Programs to enable the administration of the Federal Title IV grants and loans by the Department. The Title IV loans and grants are used by eligible students to attend those schools.

  4. How will FSA use this information?
    1. FSA/COD uses this student-level detail to book loans, account for awarded grants and to enable the Department to reconcile school cash drawdowns from the Treasury to individual student disbursements.
    2. This information also is used to ensure the respective schools receive the appropriate amount of dollars during the respective time periods.

  5. Will this information be shared with any other agency? If so, with which agency or agencies?
    1. Not routinely (This information can be made available for a civil or criminal law enforcement activity that is authorized by law, upon a written request by the agency).

  6. Describe the notice or opportunities for consent would be/ or are provided to individuals about what information is collected and how that information is shared with others organizations. (e.g., posted Privacy Notice)
    1. Extensive Privacy Act notices are posted at the web site of the Free Application for Federal Student Aid ( The basis for the data sent to COD by colleges is the FAFSA®, which is filled out by student applicants first. The FAFSA® is an OMB approved data collection instrument (OMB #1845-0001)

  7. How will the information be secured?
    1. All information is protected by a PIN or password and is monitored by automated and manual controls.
    2. COD is developed and maintained under a contract with Accenture, and is housed within a secure facility run under a subcontract with TSYS Inc., one of the largest credit card processors in the world.
    3. Interfacing ED systems are operated for the most part within FSA�s Virtual Data Center (VDC), located in Meriden, CT, which provides the respective security controls. The COD data is encrypted as it moves between COD system interfaces.
    4. System administrators outside of the VDC provide comparable security controls to protect the system and the information contained therein.

  8. Is a system of records being created or updated with the collection of this information? (A system of record is created when information can be retrieved from the system by the name of the individual or an identifying number, symbol or other identifying particular assigned to an individual. Also, in responding to this question a helpful reference may be to the system�s System of Record organization step completed in the Definition phase of the Solution Lifecycle process.)
    1. A system of records notification has been submitted to update the previous system of record notification for the Direct Loan Origination System.