The Oceania University of Medicine (OUM) recognizes that privacy is a fundamental human right and that OUM has responsibilities and obligations when handling personal information.

This Policy provides an overview of the personal information held by OUM, and personal-information-handling practices, procedures and systems. It also provides guidance to staff of OUM in relation to the creation, management, storage, retrieval, and disposal of personal records.

This Policy complies with relevant legislative and regulatory standards as well as good practice principles in the management of personal information.


This Policy applies to:

  • all prospective and enrolled students and alumni of OUM;
  • all staff of OUM whether full-time, part-time, casual or contract;
  • members of OUM’s Governing Bodies.
  • all personal information held by OUM including paper-based and electronic records.


This policy relates to the OUM Personal Information and Privacy Policy and should be read in conjunction
with Personal Information and Privacy Procedure.


    Table 1. Definitions

    Personal informationMeans information or an opinion about an identified individual, or an individual who is reasonably identifiable, including a person’s name and address, medical records, bank account details, photos, and videos.
    Sensitive informationMeans personal information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, sexual orientation or practices, criminal record, health information.
    RecordsMeans any information captured by hard copy, technological or electronic means that pertains to OUM and its community.
    Secure recordsMeans the security of records is established through electronic back-up, and/or secure storage on-site or off-site in an area where records are protected from damage and incursion but may be retrieved as required and authorized.
    Student recordsMeans records in paper-based or electronic format that capture data pertaining to the student journey including records of application, enrolment, academic progress, departmental interactions, and graduation.

    Policy Statement


    When handling personal information, OUM will:

    1. foster a culture of respect of privacy to reduce invasiveness as far as practicable;
    2. regularly review its activities and consider whether it is necessary to collect and hold personal information in order to carry out the specific functions or activities;
    3. embed privacy protections into the design of information-handling practices;
    4. maintain the quality of personal information that is used and disclosed;
    5. only disclose student information with the consent of the student or only do so if the student would expect it, or where legally required to do so;
    6. regularly conduct activities to identify, assess and manage privacy and security risk, as well as develop and monitor controls for those risks.


    OUM recognizes that it deals with personal, often sensitive, information about individuals on a daily basis and that it has a responsibility to preserve and protect personal information.

    OUM is committed to good practice in management of personal information by implementing this Policy.

    Roles and Responsibilities

    Personal information is the overall responsibility of the Vice Chancellor and the University Council.

    The Chief Operating Officer and the Chief Information Officer are responsible for managing compliance with relevant jurisdictional privacy laws, conducting privacy impact assessments and coordinating OUM’s response to data breaches.

    All student information handling processes must comply with this Policy and training will be undertaken as part of all staff induction.

    Policy Information

    Name of process:Approving body: Executive Committee
    Document #:Date approved:
    Department / BU:Date of effect:
    Audience:Version: 1.0
    Category:Next scheduled review:
    Policy owner:Policy contact:

    Document Amendments & Approval

    Version #Action TakenIndividual ResponsibleApproval of action date
    1.0Document CreatedStaff Member NameDate approved