Cybersecurity & Privacy in the Higher Education Industry

People working at the library

Practical Cybersecurity and Privacy Counseling, Tailored to Meet the Real-World Needs of Colleges and Universities

Colleges and universities collect, process, and create enormous amounts of data, much of which is sensitive: student education records; student, faculty, and staff health and financial information; and the university’s own intellectual property. From FERPA and HIPAA to GDPR and state breach notification laws, the patchwork of privacy-related laws and regulations is dizzying, and the consequences of a loss or inadvertent disclosure of data can be devastating and can include substantial fines. Data privacy and cybersecurity are inextricably linked, and both fields are riddled with challenges and legal risks.

Saul Ewing’s Cybersecurity & Privacy professionals work collaboratively to support our higher education clients at all stages and from all angles: we advise on compliance with privacy regulations and cybersecurity preparedness; we guide them through crisis management when a data security incident occurs; and we offer a full range of post-incident services. Our interdisciplinary approach means that attorneys in different legal fields — corporate, insurance, intellectual property, white collar crime and litigation — provide our college and university clients with well-rounded, innovative solutions. We also partner with insurance companies, forensic data technology firms and PR specialists to develop approaches and solutions to help protect our clients’ resources, property and reputations. 


Key Contacts
Alexander Bilus Headshot
Evan Foster Headshot
View all related professionals

Being prepared in the constantly evolving landscape of privacy regulations and cybersecurity threats requires those who create, collect or use data to remain abreast of the latest changes. Our team is here to help our college and university clients do that with a range of services that include:

Data Privacy Compliance and Pre-Cybersecurity Incident Preparation

  • Strategic counseling and board governance
  • Regulatory matters and internal compliance
  • Institutional data privacy and information governance programs
  • Development and review of employee contracts
  • Comprehensive cybersecurity preparedness
  • Counseling on compliance with the European Union’s General Data Protection Regulation (GDPR)
  • Privacy risk review for big data analytics and advice on technology development
  • Review of vendor agreements for data storage and other contracted services
  • Pre-event evaluation of insurance coverage for cyber-risks
  • Specialist referrals, including computer security specialists and public relations professionals

Post-Cybersecurity Incident Defense

  • Defense of government investigation/proceedings
  • Data privacy and cybersecurity litigation
  • Ongoing public relations assistance
  • Forensic data analysis
  • Loss/damage mitigation
  • After-action reviews and lessons learned

Cybersecurity Incident Response and Investigation

  • Immediate (24/7) consultation through our legal team with a forensic data technology specialist to minimize the effects of an attack or breach
  • Post-event evaluation of insurance claim
  • Advice and assistance with reporting to authorities, if required
  • Advice and assistance with reporting to affected parties, as required/appropriate
  • Consultation with public relations professionals to manage messaging to students, faculty, staff and media
Related Insights See all related insights