本研究以問卷調查方式，分析各組織個人資料保護現況。發現商譽受損是最多組織擔憂若不慎洩漏個資時的衝擊，但中小企業與非營利事業對於須自行舉證組織並無故意或過失洩漏個資的困擾更甚於商譽受損。本研究以BS 10012為基礎之「規劃」、「實行與運作」、「監督與審查」、「改善」等四構面，評估組織的個人資訊管理制度(Personal Information Management System, PIMS)狀況，提供十種組織可優先加強構面之建議，如資訊服務業、金融業等組織在「規劃」構面、政府部門等在「實行與運作」構面、非營利組織等在「監督與審查」構面與電信業等在「改善」構面，建議強化個人資訊管理制度上的不足，使組織降低個資法將帶來的衝擊。
In 2009, the Criminal Investigation Bureau 165 anti-fraud hotline statistics indicated that internet shopping frauds due to leakage of personal information were ranked first, accounting for 35% of frauds. This indicates that personal information leakage is a serious problem. After third reading of the Personal Information Protection Act passed, if an organization uses personal information illegally, it will face high claims payments, criminal liability and other issues. To reduce the impact from the Personal Information Protection Act, organizations may need to begin to plan and implement relevant measures for the protection of personal information.
This study used the a questionnaire survey to analyze the status of personal information protection in organizations. Goodwill impairment is found in most organizations which are concerned about the impact of accidental personal information leakage. However small and medium-sized enterprises and non-profit organizations are concerned about being required to prove that they have no intention or negligence related to personal information leakage problems than organization goodwill impairment. We assess an organizational personal information management system based on the four phases of BS 10012, “Plan", "Do", "Check", "Act”. Through this analysis, we provide priority strengthen phase advices for 10 organizations, For instance, the “information services industry” and “financial services industry” are in the "plan" phase, “government departments” are in the "Do" phase, “non-profit organizations” are in the "Check" phase, and the “telecommunications industry” is in the "Act" phase. Strengthening personal information management system will enable organizations to reduce the impact of the Personal Information Protection Act.