Also get a password manager which will check HIBP if the password has been breached already, since those are ones you’ll want to target first to change. IMO, if your high value accounts, like bank or email accounts have unique passwords, and there’s not a sign of a breach, I wouldn’t change those. This assumes that MFA is enabled on those high value accounts.

If your school or employer has an MDM solution on their laptop that they issue to you, you have 0% of privacy. You could use DNS over HTTPS which will prevent your DNS queries from being picked up, but the MDM could issue their own CA and even intercept https traffic. They can also record your keystrokes and screen. It would be wise to think of the machine as compromised, just not by a threat actor.

For maximum privacy, only use the devices for the minimal work necessary. Don’t log into anything for personal use, and use a separate device you’ve purchased yourself.