Many institutions have developed a privacy approach for their legacy and business systems. For third-party hosted applications, institutions may have a contract in place that specifies privacy requirements. What we don't have a grip on are the web-based collaborative applications, such as wikis and blogs, where we neither have a comprehensive policy nor a contract to govern privacy or data use. What are the privacy pitfalls and requirements for each of these three categories? This session will explore case studies of various models in place across higher education.