In this era of rapid information transmission and integration, every type of enterprises has access to a variety of personal information, leading to high risks of personal information privacy violations.The implementation of the Personal Information Protection Act has had diverse impacts on bank operations that banks must have rational justifications when accessing customer information.The author hopes to apply experiences acquired during conductions of operational audits in providing advices for doubts about the laws and difficulties in applications of laws at work, and to enhance personal information protection as well as management in operational processes from an auditing perspective.The purposes of this study include: 1) to investigate developments and contents of rights to privacy and financial privacy, 2) to understand the fundamental theories of the Personal Information Protection Act of Taiwan, 3) to understand the laws and regulations, responsibilities and obligations of financial institutions in protecting customer information in Taiwan, 4) to propose impacts of the Personal Information Protection Act on financial institution practices as well as doubts about applications of laws and responses to such questions, and 5) to discuss management and applications of internal information safety audits under the Personal Information Protection Act.