In the transformation of digital government，the focus of the transformation of the government administration model lies in the reconstruction of the information order and its operation mode between “administration and citizen” in administrative activities. Under the data-driven model，the automation of administrative procedures and the centralized sharing as well as the open use of data inside and outside the government make the implementation of administrative methods more closely tied to the collection，processing，and use of personal information. While this reform of administrative methods is gaining effectiveness，it also raises a series of personal information protection risks in data utilization and security. In recent years，although national and local government have been making some rules to protect personal information，a systematic legal protection of personal information has not yet formed in consideration of lacking legislation integration. With the promulgation of two draft laws，Personal Information Protection Law and Data Security Law，the lack of regulation under decentralized legislation is expected to be eased to a considerable extent. However，focusing on the response to personal information protection risks in the reform of administrative methods，the content of the current draft is somewhat unfinished.