The occurrence of cybersecurity incidents is often accompanied by the risk of data leakage. Especially when PII (personally identifiable information) is breached, it will cause economic cost and reputational damage to the company. The purpose of collecting PII is to provide products, services and commercial value-added services. Enterprises are obliged to maintain the security of the PII process system. Data security strategy include organizational management and technical control countermeasures. This speech explains the key points of data security governance, interprets them based on relevant legal compliance and ISO standards, and compares recent information security or data breach incidents with cases to provide specific suggestions.