Personal information is generated by many information systems around people. Online data transfer has become a research focus across a number of fields, including scientific research, government transparency and open data. The privacy requirements of OECD Guidelines, APEC Framework and EU Directives did influence the privacy legislation on Taiwan, Canada, and Australia. This paper describes Taiwan legislation on personal information protection, and sets out the ground rules for how an organization may collect, process, use or transmit information about any data subjects. This paper also proposes an ICT governance framework in online data privacy management. These privacy requirements are further explored from three categories: primary activities of manageable facets, secondary activities of relational stakeholders, and tertiary activities of positional concerns. These activities are explored from life cycle stage, data privacy issue, and privacy requirements. This framework supplements the existing conceptions of international privacy principles and their privacy requirements for personal information. Within the framework of this study, further studies may concentrate on big data and case study in online management strategies.