How would you handle privacy regulations in an academic data environment such as FERPA or GDPR at Duke University?