
A Study of Introducing Organizational Personal Information Management System Based on BS 10012

Advisor: 黃明達

Abstract

In 2009, statistics from the Criminal Investigation Bureau's 165 anti-fraud hotline in Taiwan showed that fraud arising from leaked online-shopping personal information ranked first, accounting for 35% of all fraud cases. This indicates that personal information leakage is a serious problem. Following the third-reading passage of the Personal Information Protection Act, an organization that uses personal information illegally will face high compensation claims, criminal liability and other issues. To reduce the impact of the Act, organizations may need to begin planning and implementing measures for the protection of personal information.

This study used a questionnaire survey to analyze the current state of personal information protection in organizations. Damage to business reputation is the impact that the largest number of organizations worry about in the event of an accidental leak of personal information. However, small and medium-sized enterprises and non-profit organizations are more troubled by having to prove for themselves that the leak involved no intent or negligence on their part than by damage to reputation. We assess each organization's Personal Information Management System (PIMS) along the four phases of BS 10012: "Plan", "Do" (implementation and operation), "Check" (monitoring and review) and "Act" (improvement). From this analysis, we provide recommendations on which phase ten types of organizations should strengthen first. For instance, organizations such as the information services industry and the financial services industry should prioritize the "Plan" phase, government departments the "Do" phase, non-profit organizations the "Check" phase, and the telecommunications industry the "Act" phase. Strengthening the weak areas of the personal information management system will enable organizations to reduce the impact of the Personal Information Protection Act.


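Cited by

杜恩君 (2015). A Study of the Experience of Implementing BS 10012: The Case of Tamkang University [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2015.00859
陳俊谷 (2015). A Study of Threat and Vulnerability Items in Risk Assessment of Personal Data Files [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2015.00634
林淑儀 (2014). A Study of Taiwan's Promotion of the Personal Information Protection and Administration System (TPIPAS) [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2014.00899
張天宇 (2012). Exploring Project Planning for a BS 10012 Personal Information Management System Using the PMBOK® Methodology [Master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2012.00391
鄭伊雯 (2012). Establishing a BS 10012-Compliant Personal Information Management Self-Assessment Model Based on ISO 27001 [Master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840/cycu201200358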
