Recent media attention to information protection issues has shown that citizens are increasingly concerned about personal information protection and their right to it. Many organizations have collected data about individuals at an increasing alarming rate. It’s about time to manage privacy and security of on-line information by reviewing their fundamentals and principles as well as relevant laws and regulations. Concerns of privacy harm have resulted in laws and regulations such as the privacy rules of Personal Information Protection Act (PIPA) in Taiwan. Taking a proactive stance against privacy invasion could help stave off government intervention to tighten controls over what can be done with an individual's personal data. This proposed P-P model is divided into two phases: Performance Evaluation Phase, and Policy Management Phase. Each Phase is explored from the following issues: concern, issue, response, strategy, principle, focus, and element. That model is presented to provide managers guidance in dealing with privacy policy. The main contributions of this thesis lie in analyzing the internet privacy violation, conceptualizing a novel privacy-enhanced framework, providing the privacy strategy on the internet, and improving the ability on information security. The thesis closes with recommendations for privacy and security good practices for information managers. That also benefits the cybercrime investigation of data leakage.