Bancassurance had become the largest channel of life insurance market in Taiwan since 2009. Obviously, it will face a critical challenge and legal compliance risk after the implementation of Personal Information Protection Act (PIPA). Based on two type operational structures of Bancassurance, this paper focuses on the legal issues of the personal information collecting, transferring, and using between the bank and insurance companies and intermediaries. We find that referral collecting model is the best one to fit the new norm, and this paper suggest the supervisory entity should allow banks can directly solicit insurance policies to reduce legal compliance risk.