Of the recent, there has been a series of large scale personal information leak scandals involving banks, credit card companies, or other financial institutions. The personal information that has been compromised in these events include names, resident registration numbers, mobile phone numbers, where the victims work, and live, along with the bank account numbers, annual incomes, and the usage of their credit cards. Worse, it should be noted that much of this information came from the members who already withdrew from their membership with the credit card companies. While most of the users of the financial transaction services believed their personal information would safely be wiped out once they withdrew from the membership, those companies obviously have been kept such information, even that belong to customers who no longer used their services. The Personal Information Protection Act requires that personal information should safely, and immediately, be disposed of once the term of holding is expired or the purpose of having such information is served. However, if there are any other provisions of laws stating otherwise, the information cannot be deleted immediately. In the end, the companies which hold personal information have no other choice but to continue to hold such information in order to fulfill the requirements by such laws, regarding documentation, paper works, archiving, or storing data or related materials, with colliding requirements to protect the personal information required by the Personal Information Protection Act or the responsibilities to protect such personal information based on the Information and Communication Networks Act. In this study, we examined the overall systems on the destruction of personal information and reviewed how to destroy the personal information of the members who withdrew immediately. Firstly, we divided the current schemes of the destruction of personal information into several categories based on the principles of destructions and exceptions, as well as when, how, and in what procedures such information should be destroyed. Then, we analyzed the issues under debates regarding the immediate destructions of personal information. Lastly, as a means to ensure the personal information can be destroyed immediately upon withdrawal, the issues of collisions with the documentation and archiving obligations in other laws. The personal information processors should destroy the personal information once their purpose of processing such information is served or the expiry of their control over such information is reached. It is also necessary to design and implement technical and administrative measures to ensure such information is disposed of automatically. When it cannot be avoided holding such information due to the requirements in other laws, the personal information should be kept separately from other information and managed accordingly. In addition, the provisions of laws that require keeping of personal information should be mitigated, either in its own scopes or in terms of the documents to be kept, at lease. Another option to consider is to minimize the amount of personal information to be provided in such forms or extracting and encrypting the personal information from such documents. The time of holding such information should also be reduced, if it is possible.