  • Degree thesis

A Study on Applying Information Management to Prevent Unlawful Disclosure of Personal Data by Police

Information Management and Police Data Leak Prevention

Advisor: 周愫嫻

Abstract


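Technological development, together with the investigative powers of police agencies, has created an objective environment in which it is more convenient and easier for police officers to violate personal data protection law. The first aim of this study is to examine the patterns of cases in which police leak personal data; the second is to examine how to reduce and impede such leaks; finally, it proposes how police agencies, faced with rapidly changing electronic technology, should respond and build future internal management mechanisms.

The study analyzes 20 court cases to identify the causes and patterns of officers leaking citizens' personal data, then conducts in-depth interviews with 10 responsible staff members at operational police agencies in two counties/cities, in order to understand the technical, management, and education-and-training problems behind unlawful leaks by officers.

The study finds that the main patterns of leaks by officers are:
1. Querying with one's own account and password.
2. Asking someone else to run a query on the pretext of handling a case.
3. Lacking query privileges and using an unwitting third party to run the query.
4. "Taking official work home", leading to unintentional leakage of personal data.
5. Having a telephone call transferred to an internal police line and falsely claiming to be police personnel in order to have a query run.
6. Slipping in queries of other people's personal data under the pretext of case work.
7. Falsely claiming that one's account and password are locked and asking someone else to run the query on the grounds of investigating a case.
8. Arbitrarily handing a police query computer to another person to search for performance credits, leading to leakage of personal data.
9. Using the M-Police police mobile device to query personal data arbitrarily for non-official purposes.

The main cause is officers' weak information security awareness, which the responsible authorities have failed to take seriously or work to improve; this is also the principal cause behind all personal data leak incidents. Other problems include: poor staffing, with selection not oriented toward professional specialization; failure to implement a deputy system; defects in the personnel system, with specialists not assigned to specialist roles, loss of talent and low morale; unit commanders' lack of security awareness and dismissive attitude; failure to implement access control management; failure to enforce the principle that "confidential work is not done on network-connected computers", even though procedures for handling sensitive data have been established; internal security audits that are a formality, all conducted after the fact rather than as prevention; insufficient education and training, with IT staff not receiving continued on-the-job training to strengthen their professionalism; security awareness campaigns that are formulaic rather than presented in diverse and lively ways; failure to recognize that building officers' information security awareness would reduce leak incidents; and failure to adopt new technologies to help IT staff control and promote information security in police agencies.

Finally, this thesis recommends that police agencies adopt new technologies such as directory management systems, content encryption systems, traffic monitoring systems and computer endpoint protection systems, strengthening monitoring measures to manage and deter their officers. As for internal information security audits in police agencies, the current practice of after-the-fact auditing produces no deterrent effect, yields no real benefit, and has become a formality. It is therefore necessary to develop and deploy a "computer query red-flag alert system" and a "computer query log analysis system" to help information security management prevent incidents before they occur.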

Parallel Abstract


Technological development and the capacity of police surveillance powers create an environment in which it is easier to violate personal data protections. One of the purposes of this study is to explore the modes in which personal information is divulged by police. The second purpose is to explore how to reduce and impede such leakage. In this study, we use 20 cases to analyze the causes and modes of leakage of personal information, and then select 10 police personnel in two counties to conduct in-depth interviews. Through these processes, we seek to understand why and how the police breach confidentiality. The findings reveal the following modes of police breach of confidentiality: 1. Make inquiries using their own accounts and passwords. 2. Assign others to make a check under the pretext of handling the case. 3. Without permission, make use of others who have no knowledge of the inquiry. 4. Make use of public affairs to fit personal purposes. 5. Use false call forwarding to the police officers' internal phone lines to make inquiries. 6. Make inquiries about personal information under the pretext of handling the case. 7. Falsely claim that the account number and password are locked and, citing the case investigation, ask others to make inquiries on their behalf. 8. Give a police inquiry computer to others, resulting in the leakage of personal information. 9. Use M-Police mobile devices for non-public purposes to access personal information. The leakage of personal information occurs mainly because the police's concept of information security is weak, and the relevant authorities fail to stress its importance and do not strive for improvement. Other problems include poor staffing selection, lack of professional orientation, failure to implement a good agent system, and defects in the personnel system, with a shortage of dedicated professionals leading to brain drain and low morale. There are also associated problems, i.e. unit officers' lack of security awareness and attitudes of ignorance, and lack of oversight by management.

Although data processes for confidential information have been enacted, they do not fully implement the principle that "confidential data shall not be accessible in computers". In addition, the internal information security audit is a mere formality, rather than a real preventive strategy. Relevant education and training programs are not sufficiently provided for personnel. There is a need for on-the-job training and education to strengthen professional judgment and ethics, and information security education has to be presented in diverse and lively ways. There is also a need to recognize that establishing the concept of information security may reduce the incidence of leakage. In addition, new technologies are required to help IT staff control and promote information security. In conclusion, this research proposes that police institutions adopt new technologies, such as directory management systems, content encryption, flow monitoring systems and computer terminal protection systems, to strengthen their monitoring, make management more effective, and deter leakage. The current auditing method fails to deter and is a mere formality. Consequently, the research specifically proposes that the "Red Flag warning mechanism to make queries in a computer system" and the "computer inquiry/search analysis system" be used to assist in building up the necessary information security management framework.
