Privacy Policy

As an institution dealing with a variety of personal information such as information of students (including applicants), alumni, employees, donors, event participants and etc., the University recognizes its social responsibility to use Personal Information only when necessary to carry out its businesses and protect such information appropriately and to comply with all relevant laws and the University’s Policy, Rules and Procedures (PRP).

Related rules in the OIST PRP library


Collection and retention of personal information

  1. OIST shall use legitimate and fair means when collecting personal information.
  2. OIST shall retain personal information for administrative purposes only and within the limits of clearly defined objectives.
  3. When collecting personal information, OIST shall disclose the intended use for such information and the person(s) to be in charge of managing the information obtained.

Use of personal information

  1. Unless required by law, OIST shall not use personal information for purposes other than those for which it was collected or pass it on to a third party.
  2. Unless required by law, OIST shall not submit personal information to a third party without prior consent from the subject of that information.
  3. When submitting personal information to a third party as required by law, or outsourcing a task that involves the use of such information, OIST shall assess, in advance, the privacy protection and information management capabilities of the party in question and ensure that its handling of the entrusted information is subject to adequate supervision.

Management of personal information

In order to ensure the accuracy of the personal information it has obtained, and to safeguard such information against loss, destruction, falsification, or improper dissemination, OIST shall have security measures in place aimed at blocking unauthorized access and avoiding computer viruses.

Disclosure, correction, suspension of use, and deletion of personal information

OIST shall strive to ensure that those whose personal information is in its possession are aware of their rights to request the disclosure, correction, suspension of use, and deletion of that information, and to promptly respond to such requests in accordance with the OIST Rules and regulations.

Formulation, implementation, maintenance, and updating of the regulations on personal information protection and Privacy Policy

  1. In addition to this Policy, the handling of personal information at OIST is subject to the OIST Rules and regulations.
  2. OIST shall comply with all laws and regulations related to the protection of personal information and /shall continuously review and improve its measures for the handling of personal information.


Information Security Initiatives

Some of the security measures employed at OIST include but are not limited to:

Information Security Management Operation System

OIST has established the following roles and responsibilities to establish a system for the systematic management and operation of information security.

  1. Chief Information Security Officer
    OIST employs a Chief Information Security Officer (CISO) who sets the overall direction of information security. The CISO can establish information security policies and implement the necessary measures to ensure adoption of the policies.
  2. Information Security Committee
    A committee responsible for reviewing and deliberating various matters necessary for information security. Established by the office of the CIO, the committee consists of OIST senior leaders and subject matter experts to recommend strategies and plans for the protection of the university’s information systems.

Prevention of information security breaches (Access restrictions)

Access to information is determined according to the content and sensitivity of the information, and necessary restrictions are implemented to prevent unauthorized access. Users must not access or use information that they do not have permission to do so.

Classification of information assets

In order to apply the correct level of control to information, OIST assigns information assets into four classifications based upon determined value, confidentiality, integrity, and availability. These classifications are Public, Internal, Confidential, and Critical.

Compliance with laws and regulations

OIST complies with various laws and regulations as set out by national and prefectural government bodies when handling information assets. Violations of these regulations or OIST policies will be actioned according to the Policy, Rules, and Procedures (PRP) of the university.

Security policy evaluation and Audit

The university will periodically review and update security measures to ensure their effectiveness. OIST also regularly audits the application of security measures and evaluates the controls against international standards.


Google Analytics

Google Analytics services are employed to collect and analyze usage data for the purpose of website improvement and to provide a better user experience. Google Analytics uses first-party cookies, which are stored directly on the website and help collect usage data and remember user settings. First-party cookies cannot be used to track or share user activities across other websites.
To learn about how Google Analytics handles personal information, please see this page



For other general inquiries regarding the handling of personal information protection/information security at OIST, please contact the following.

Personal Information Protection:
Okinawa Institute of Science and Technology Graduate University (OIST)
Rules and Compliance Section


Information Security:
Okinawa Institute of Science and Technology Graduate University (OIST)
Information Security Section