To protect personal identities and sensitive data in e-commerce company is an urgent item after the Personal Data Protection Law's progress. The proactive actions include making a personal data protection plan, to provide the evidences that they have do the best in protect and prevent the data leakage. We have proposed a data security life cycle bind with a data security focused audit practices to help those companies to complete due care and due diligent on this topic.