As discussed in a previous DBR on Data post, the U.S. Department of Education (“ED”) in recent years has repeatedly emphasized the importance of higher education institutions taking all appropriate measures to secure and protect their data systems and data from breaches and inadvertent disclosures. The threats to educational institutions’ data are real, recurring and well-documented. The University of Maryland reported in 2014 that a computer system breach compromised more than 300,000 personal records for faculty, staff and students. A private cybersecurity firm reported that Chinese hackers targeted research databases at more than two dozen universities in the 2017-18 timeframe. In 2019, applicants to Grinnell College, Hamilton College and Oberlin College discovered their admissions files were subject to a ransomware attack. These instances are just a few recent examples of significant data breaches in the education sector.