The official announcement and implementation of the “Personal Information Protection Act” has propelled the privacy protection issue in Taiwan into a new era. Recently, frequent occurrence of information security leaks and data privacy violation events has awakened public awareness concerning this issue. Personal information leakage is likely to happen under circumstances without comprehensive information security protection mechanisms and personal information protection measures in place. Especially after the implementation of the “Personal Information Protection Act,” personal information leakage incidents will not only impact the image of the organization but also result in legal liabilities and severe damage compensation. Having already acquired information security management ISO 27001 annual certification through a third party, University “S” is covered with a comprehensive information security protection base. However, the university is still faced with the impact of “Personal Information Protection Act” and the related requests from the Ministry of Education. It must further examine the existing information security system from the viewpoint of personal information protection to reduce the legal impact and strengthen security measures to protect personal information. This study aims to provide a solution for the university facing such a problem. First, a review of relevant literature concerning the “Personal information Protection Act,” information security, and protection of personal information is conducted. Second, it seeks to understand the current status of the university through examining the information security measures and information assets. Third, it analyzes the legal impact and issues faced by the university in accordance with the “Personal Information Protection Act,” Personal Information Protection Act Enforcement Rules, and the use of personal information life cycle. Finally, based on the Personal Information Protection Act and Information Security Management System (ISMS) implemented by the school, this study also adopts the BS 10012 Personal Information Management System (PIMS) and PDCA viewpoints, it proposes a set of actions in response to the impact of the Personal Information Protection Act. Detail implementation steps are also outlined. We adopt the top-down improvement method to improve personal information protection in depth and breadth, reduce the risk of violating Personal Information Protection Act, and achieve the purpose of protecting personal information by expanding the existing security system of the university.