This article discusses the types of breaches commonly faced by higher education institutions and what steps these institutions can take to limit liability and properly respond to potential litigation. Part I will address how data breaches occur, and Part II will outline what kind of data breaches commonly affect colleges and universities, including examples of colleges and universities that have recently experienced those types of breaches. Part III will address the statutes that control how colleges and universities must treat data, react to breaches and notify students. Part IV highlights recent data breaches, how those colleges and universities have dealt with them, and what type of litigation, if any, has resulted. Part V offers advice for college and university counsel on how best to insulate from liability, including timely notification and free credit monitoring services, and how to defend against class actions stemming from a breach. Finally, Part VI addresses potential future regulations that colleges and universities should anticipate having to follow.