Higher education IT leaders warn that institutional data increasingly exists outside approved systems—a phenomenon termed “shadow data”—creating new FERPA, privacy, and security risks. As colleges adopt third‑party analytics, cloud platforms, and AI tools, student information moves across devices and apps without IT oversight. Kathe Pelletier and other compliance specialists highlight how unsanctioned spreadsheets, collaboration tools, and cloud storage can expose sensitive records and undermine governance. Institutions must inventory shadow data, enforce procurement and data‑handling standards, and embed privacy and retention policies into AI and analytics projects. For compliance officers and registrars, the issue elevates the need for cross‑campus governance: clear ownership, technical controls, and auditing to prevent improper disclosures or regulatory violations that could jeopardize federal funding and institutional reputations.