The widespread adoption of generative AI (GenAI) in higher education poses significant privacy and security risks—including unauthorized disclosure of student sensitive data, misuse of training data, and lack of end-user control—yet existing institutional policies largely neglect privacy and security dimensions of technical governance. Method: This study conducts the first systematic, cross-regional qualitative comparative analysis of GenAI usage guidelines issued by universities across 12 countries to identify critical gaps in policy coverage, implementation barriers, and context-specific adaptability. Contribution/Results: We propose a scholarly-ecosystem–oriented governance framework emphasizing data minimization, on-premises or localized processing, and co-enhancement of digital literacy among faculty and students. Grounded in empirical evidence, the framework offers actionable pathways for institutions to develop GenAI governance mechanisms that balance pedagogical innovation with regulatory compliance and ethical accountability.

Educators and learners worldwide are embracing the rise of Generative Artificial Intelligence (GenAI) as it reshapes higher education. However, GenAI also raises significant privacy and security concerns, as models and privacy-sensitive user data, such as student records, may be misused by service providers. Unfortunately, end-users often have little awareness of or control over how these models operate. To address these concerns, universities are developing institutional policies to guide GenAI use while safeguarding security and privacy. This work examines these emerging policies and guidelines, with a particular focus on the often-overlooked privacy and security dimensions of GenAI integration in higher education, alongside other academic values. Through a qualitative analysis of GenAI usage guidelines from universities across 12 countries, we identify key challenges and opportunities institutions face in providing effective privacy and security protections, including the need for GenAI safeguards tailored specifically to the academic context.