Composition of PIA areas and fields [4, S3].

As the Internet becomes increasingly widespread, various cybercrimes involving privacy, such as misuse, abuse, and leakage of privacy in integrated information systems that contain privacy data, are increasing worldwide. To address such intrusions, privacy impact assessments (PIAs) of information systems have been performed. Various studies, including PIAs, have been conducted to establish PIA frameworks (PIAF), surveys, and analyses to investigate intrusion cases. Impact assessments based on assessment items and low-level PIAs that analyze intrusion factors differ among countries. The PIAF in the Netherlands comprises three stages, that in Canada comprises four stages, and that in Korea comprises three stages, each of which defines subprocesses. In this study, the PIAFs of these countries were investigated and compared. We also compared the assessment items of ISO/IEC 27701 and Korea’s PIAF. We analyzed PIAs conducted on information systems operated by public institutions in Korea. Through the analysis of these PIAs, we derived the factors causing intrusions in Korea and proposed improvement points for each intrusion factor. We expect that these analysis results can be effectively applied to other countries.