FERPA's primary goal is to protect student privacy, but it also has to be aware of security issues. In 2007, a student at Virginia Tech named Seung-Hui Cho provided a nationwide scare by killing 32 people in one of the deadliest shooting sprees in U.S. history. Cho was diagnosed with severe anxiety disorder, selective mutism, and was thought to be a possible schizophrenic. However, the school was not away of his medical issues because of federal privacy laws. FERPA was widely criticized throughout the country. In addition, the USA Patriot Act and the Campus Sex Crimes Prevention Act clashed with FERPA regulations. It was clear that a sweeping overhaul of the law was necessary.
In 2008, the federal government approved a significant update to FERPA. The new laws took away some student privacy rights in the name of school security. It gave schools more power to share information about a student without consent when they believe the health and safety of the student or others is in jeopardy. These situations include terrorist threats, information about sex offenders, health emergencies, and general campus violations. It also gave schools the power to disclose information to certain including state auditors, other students with a legitimate educational interest, other institutions, and parents of financially dependent students. In response to technological advances, FERPA extended its laws to students who take classes online. Lastly, the new law ensures that personal identifiers such as Social Security numbers and student ID numbers should only be used for private purposes, such as confirming an account and purchasing items. Because of this, the law banned the use of these identifiers on student directories.
The revision of FERPA is an appropriate response to the country's growing intolerance of terrorist activities. It is important that students have rights to protect their information, but it is fair that campus security trumps this.