In a society where information technology is highly developed, companies are facing a new challenge or a risk. Now we`re living in a highly information-based society, so it is clear to ask for a strict managing system for those companies that collect and keep personal information in order to protect the information given a series of the recent private information breach incidents. With the private information protection law going into effect, the risk of getting administrative disposition is imposed on companies that violate the law and cause the information security breach incidents. In the case that companies continuously use private information for business purpose, the organizations as a whole need to respond to the situation. Particularly transactions between businesses ask those in charge of dealing with the information to keep it safely for the protection of personal information. Businesses are supposed to make profits but that`s not all. They are related to many others and the range of business is large. In that sense they serve as a social being affecting many different stakeholders. In particular, the information they collect while carrying out their business is a very important resource, but managing the information accompanies an inherent risk of breach incidents led to liability to damages. Therefore it is more important than ever to see personal information as a risk inherent to business and build an appropriate risk management system for the information.