  • Degree thesis


Compliance with the Privacy Protection Act: The Implications for Human Payroll System Reengineering

Advisor: 李興漢


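The new version of Taiwan's Privacy Protection Act passed its third reading on April 27, 2010 (ROC year 99) and may formally take effect in 2012. All government agencies and industries in Taiwan will have to comply with the Act, so enterprises must pay greater attention to information security to avoid heavy fines and reputational damage. Among enterprise information systems, the one that holds the most personal data is the human payroll system. A survey found that the human payroll systems with the higher market shares still have weaknesses that leak personal information, for example: database columns are not encrypted, the number of records accessed is not limited, and display screens do not hide sensitive fields. In view of this, this thesis refers to current domestic regulations and examines enterprises' internal information security controls. With the assistance of experts and scholars, it investigates which adjustments a human payroll system needs, and uses corresponding modifications to a case company's human payroll system to verify that the changes meet the requirements of the Privacy Protection Act and reduce the Act's impact on the enterprise. It hopes to find a low-cost response plan, to recognize the benefits the Act brings, and ultimately to reduce the data-leakage crime rate to a minimum.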


Passed by the legislature on Apr. 27, 2010, Taiwan's new Privacy Protection Act will take effect in 2012. By then, all government departments and private sectors around the nation will be subject to the regulation of this protection act. In order to avoid penalties and loss of reputation for violation of the act, all enterprises must pay additional attention to information security. Among current corporate information systems, human payroll systems contain the most personal information in a company. A review of the dominant human payroll systems in the market shows that most of these systems still have weaknesses that may easily result in personal information leakage, including unencrypted database columns, no limit on the number of records accessed, visibility of sensitive columns, and so on. Therefore, this thesis investigates domestic laws governing information security and the internal information security controls commonly used by enterprises. With the assistance of experts and scholars, this thesis explores the adjustments human payroll systems need for compliance with the Privacy Protection Act. The human payroll system of a case company is used as an example to validate whether these adjustments can make it compliant with the Privacy Protection Act and reduce the relative impact on the company. Holding a positive view of the benefits of the Privacy Protection Act, this thesis attempts to find a cost-effective response plan, which can ultimately minimize the crime rate of information leakage.


