Campus leaders are confronting a rise in “shadow data”—institutional records captured and stored outside approved IT systems—raising FERPA, privacy and compliance risks as universities expand analytics, cloud services and AI. The issue occurs when departmental datasets, spreadsheets or third‑party tools hold student information without institutional oversight, creating blind spots for IT and compliance teams. Higher‑education risk officers and CIOs say shadow data undermines governance and complicates reporting requirements; sources cited enterprise privacy leads warning that unsanctioned datasets can trigger FERPA violations and data‑breach exposure. The problem intensifies as institutions adopt AI and external platforms that may ingest sensitive records. Experts recommend inventorying departmental data flows, tightening procurement and vendor onboarding, and expanding staff training so shadow data is identified before it becomes a regulatory or reputational incident.