Information privacy right is guaranteed by our constitution. Therefore, the government has a constitutional obligation to protect people's personal data. A method to fulfill the obligation is to enact efficient law to prevent people's data from being breached and illegally used. Breaches of personal data mean that unauthorized acquisition of personal data that compromise the security, confidentiality and integrity of personal data maintained by public or private sectors. This article details the reason of breaches of personal data. Breaches of personal data also damage credit and reputation of corporations. Thus, personal data breach notification law is able to force them to emphasize their internal information security system. Referring to American related statutes, we suggest that we should have breach notification law. In this article, we provide advice about the scope, trigger, targets, timelines, methods of breach notification, the definition of personal data, and the liability for violation. The provided advice could be taken when enacting or amending related statutes.