Trend Micro in the " Global Threat Trends, 1H 2010" pointed out that when it comes to malware infections by industry sector, the education took the lead during the first half of 2010. Almost 50 percent of all malware infections occurred within schools and colleges which hold a large amount of personal data. Malware not only leaks personal data and damages school reputation, but also affects the sustainable development of school. Therefore, this study investigated the present college personal information management system based on “Plan", "Do", "Check", "Act”, four phases of "BS 10012：2009 －personal information management system, PIMS", and presents recommendations for improvement. The study found that 64.6% of managers working at computer centers, considered college reputation damage the most serious impact in the case of personal information leaking; thus, most of them also considered strengthening internal audit to avoid this from happening. At present, the major developmental progress in college personal information management system is at the “Plan” and “Do” phase, and a lack of control for “Check” and “Act”. This study researched whether regional differences and scale of computer center would affect personal information management system among colleges. In terms of regional comparison, there is no significant difference in PDCA phrases, except that the staff information security training performed better in the northern colleges. In terms of performance difference due to number of staff, it was found that colleges with more than 10 employees were better developed. Finally, the study presents recommendations for the colleges with “Check” and “Act” phase in personal information management system.