The growth in availability of digital data resources is changing university practice in more ways than most faculty, administrators, and students are aware. Researchers provide open access to their data as a condition for obtaining grant funding or publishing results in journals, leading to an explosion of available scholarly content. Universities have automated many aspects of teaching, instruction, student services, libraries, personnel management, building management, and finance, leading to a profusion of discrete data about the activities of individuals. Many of these data, both research and operational, fall outside privacy regulations such as HIPAA, FERPA, and PII. Universities see great value of these data for learning analytics, faculty evaluation, strategic decisions, and other sensitive matters. Commercial entities, governments, and private individuals also see value in these data and are besieging universities with requests for access. These conflicts pose challenges in balancing obligations for stewardship, trust, privacy, confidentiality – and often academic freedom – with the value of exploiting data for analytical and commercial purposes. This talk, based on a new article in the Berkeley Law and Technology Journal, draws on the pioneering work of the University of California in privacy and information security, data governance, and cyber risk.