New student-privacy rules that take effect this month address two burgeoning challenges in higher education: shielding students from computer-related identity theft and protecting them from peers identified as a potential threat by faculty members. The altered privacy rules were outlined in the government's newly revised Family Educational Rights and Privacy Act, known as FERPA, which went into effect Jan. 8. The federal Education Department (ED) released the new FERPA guidelines in response to both the April 2007 massacre at Virginia Tech and the growing threat of identity theft on campus. Seung Hui Cho, a Virginia Tech student, killed 33 people, including himself, months after Cho's behavior disturbed professors and other students. Many faculty members wanted to notify Cho's parents of his behavior, but they thought it would violate FERPA rules.
The FERPA update, for the first time, now states that privacy laws protect online students as well. The rules do not stipulate that colleges and universities must alert students when their personal information is stolen. However, most states have passed laws requiring colleges to notify students whose information has been compromised. The rules state that students' identification numbers–which have replaced Social Security numbers as identifiers on many college campuses–cannot 'be used to gain access to education records except when used in conjunction with one or more factors' that 'authenticate the student's identity,' such as a password.