Treat the Instructure Canvas "shred logs" as legally unverifiable; align with EU university IR teams on per-institution deadline today

For any Swiss / EU higher-education institution running Canvas: continue to treat the dataset as compromised regardless of Instructure's bulk-settlement disclosure; the platform-wide "shred logs" are not forensically meaningful proof of deletion. Verify whether the institution received the per-institution leak notice and validate that local Canvas-derived data (course rosters, communications, gradebooks) is included in the GDPR / Swiss DSG breach-notification scope. Ensure student-identity exposure communications cover the longer-tail credential-stuffing risk against federated SSO endpoints over the next quarter.