The　Internet　and　computers　did　not　invent　or　even　cause　privacy　issues.　The　issues　existed　long　before　the　creation　of　computers　and　Internet.　The　existence　of　The　Internet,　computers　and　large　data　storage　make　it　possible　to　collect,　process　and　transmit　large　volumes　of　data,　including　personal　data.　In　this　paper,　we　shall　study　the　privacy　from　following　two　different　views,　namely　legal　framework　and　computer　security　model,　and　attempt　to　identify　the　difference　between　them.　Because　of　the　difference,　we　further　argue　that　the　current　computer　security　model　is　not　sufficient　to　support　the　privacy　requirements　in　the　legal　framework.　We　propose　a　computer　model　＇privacy　reference　monitor＇　to　handle　those　unsupported　requirements.　The　design　of　the　privacy　reference　monitor　is　privacy　policy　neutral　with　a　small　number　of　functions.　With　minimal　functionalities,　we　believe　that　it　is　possible　to　implement　a　verifiable　privacy　reference　monitor.　©　2009　IEEE.