THE SIX FEDERAL STATUTES THAT CONTAIN ASPECTS OF PRIVACY PROTECTION ARE EXAMINED, AND THE IMPLICATIONS OF THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT, THE PRIVACY ACT OF 1974, THE FAIR CREDIT REPORTING ACT, AND THE FAIR CREDIT BILLING ACT FOR A UNIVERSITY ARE REVIEWED. IT IS CONCLUDED THAT UNIVERSITIES HANDLE THREE TYPES OF DATA SUBJECT TO PRIVACY LEGISLATION: PERSONAL DATA ON STUDENTS, FAMILY FINANCIAL RECORDS SUBMITTED AS PART OF SCHOLARSHIP APPLICATIONS, AND EMPLOYMENT RECORDS FOR UNIVERSITY STAFF. A SERIES OF CHARTS ILLUSTRATE THE PROCESS EMPLOYED BY A TEAM OF STAFF MEMBERS AND EXPERTS AT THE UNIVERSITY OF ILLINOIS TO IDENTIFY TYPES OF DATA WHICH SHOULD BE SAFEGUARDED, TYPES OF LOSS WHICH MIGHT OCCUR, POINTS IN THE DATA-PROCESSING SYSTEM AT WHICH SUCH LOSS MIGHT OCCUR, THE IMPLICATIONS OF EACH TYPE OF LOSS, AND APPROPRIATE SAFEGUARDS. A NARRATIVE SUMMARY TRACES THE REASONING BEHIND EACH CONCLUSION. A SERIES OF QUESTIONNAIRES WAS DESIGNED TO ASSESS THE IMPORTANCE OF EACH TYPE OF DATA. THESE QUESTIONNAIRES COVERED THE FOLLOWING SIX BROAD CATEGORIES OF DATA: INDIVIDUAL STUDENT, INDIVIDUAL STAFF, AGGREGATE FINANCIAL, AGGREGATE INSTITUTIONAL, RESEARCH ADMINISTRATION, AND ACADEMIC. THE INDIVIDUAL STUDENT DATA QUESTIONNAIRE IS REPRODUCED. THIS PAPER DESCRIBES NEITHER THE RESULTS OF THE ANALYSIS NOR THE SAFEGUARDS TAKEN. INSTEAD THE FOCUS IS ON THE PROCESS USED TO IDENTIFY PROBLEMS. IT IS SUGGESTED THAT ALL PUBLIC UNIVERSITIES USE A SIMILAR PROCESS TO ASSESS DATA SECURITY. A BRIEF BIBLIOGRAPHY IS INCLUDED. (GLR)