skip to main content
10.1145/3555228.3555262acmotherconferencesArticle/Chapter ViewAbstractPublication PagessbesConference Proceedingsconference-collections
research-article

Framework for the development of computational solutions for the support of requirements engineering with a focus on data protection

Published: 05 October 2022 Publication History

Abstract

Technological growth has allowed the large-scale processing of personal data, sometimes treated for purposes not previously consented with their subjects or without the required protection. Privacy is a crucial topic that has become popular with the entry into force of regulations such as GDPR and LGPD. Research shows that adhering to these regulations is not trivial for companies that develop solutions that treat personal data. This scenario is worsened by the lack of knowledge of software development teams regarding data protection regulations. In this context, the present work aims to support teams in building software requirements adhering to data protection regulations through a workflow-based framework. The workflow analyzes the requirement from various points of view related to data protection, indicating points of improvement for developing the software in question. We developed a practical example to demonstrate the framework’s applicability, analyzing a software requirement. The obtained results are promising.

References

[1]
Md Tarique Jamal Ansari, Abdullah Baz, Hosam Alhakami, Wajdi Alhakami, Rajeev Kumar, and Raees Ahmad Khan. 2021. P-STORE: Extension of STORE Methodology to Elicit Privacy Requirements. Arabian Journal for Science and Engineering0123456789 (2021). https://doi.org/10.1007/s13369-021-05476-z
[2]
Vanessa Ayala-Rivera and Liliana Pasquale. 2018. The grace period has ended: An approach to operationalize GDPR requirements. Proceedings - 2018 IEEE 26th International Requirements Engineering Conference, RE 2018 (2018), 136–146. https://doi.org/10.1109/RE.2018.00023
[3]
Kathrin Bednar, Sarah Spiekermann, and Marc Langheinrich. 2019. Engineering Privacy by Design: Are engineers ready to live up to the challenge?Information Society 35, 3 (may 2019), 122–142. https://doi.org/10.1080/01972243.2019.1583296
[4]
Brasil. 2018. LEI Nº 13.709, DE 14 DE AGOSTO DE 2018.http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/L13709.htm
[5]
Michael Colesky, Jaap-Henk Hoepman, and Christiaan Hillen. 2016. A critical analysis of privacy design strategies. Security and Privacy Workshops (SPW). IEEE(2016), 33–40. https://doi.org/10.1109/SPW.2016.23
[6]
Vasiliki Diamantopoulou, Aggeliki Tsohou, and Maria Karyda. 2020. From ISO/IEC 27002:2013 Information Security Controls to Personal Data Protection Controls: Guidelines for GDPR Compliance. In Computer Security, Sokratis Katsikas and et al. (Eds.). Springer International Publishing, Cham, 238–257.
[7]
Nicolás E.Díaz Ferreyra, Patrick Tessier, Gabriel Pedroza, and Maritta Heisel. 2020. PDP-ReqLite: A Lightweight Approach for the Elicitation of Privacy and Data Protection Requirements. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 12484 LNCS, September(2020), 161–177. https://doi.org/10.1007/978-3-030-66172-4_10
[8]
Gustavo Gil Gasiola. 2019. Criação e desenvolvimento da proteção de dados na Alemanha. https://www.jota.info/opiniao-e-analise/artigos/criacao-e-desenvolvimento-da-protecao-de-dados-na-alemanha-29052019
[9]
H. Gjermundrod, I. Dionysiou, and K. Costa. 2016. A privacy- by-design gdpr-compliant framework with verifiable data traceability controls. International Conference on Web Engineering. Springer (2016), 3–15.
[10]
globo.com. 2018. Entenda o escândalo de uso político de dados que derrubou valor do Facebook e o colocou na mira de autoridades. https://g1.globo.com/economia/tecnologia/noticia/entenda-o-escandalo-de-uso-politico-de-dados-que-derrubou-valor-do-facebook-e-o-colocou-na-mira-de-autoridades.ghtml
[11]
Irit Hadar, Tomer Hasson, Oshrat Ayalon, Eran Toch, Michael Birnhack, Sofia Sherman, and Arod Balissa. 2018. Privacy by designers: software developers’ privacy mindset. Empirical Software Engineering 23, 1 (2018), 259–289. https://doi.org/10.1007/s10664-017-9517-1
[12]
Ralf Kneuper. 2020. Translating data protection into software requirements. ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy(2020), 257–264. Issue December 2019. https://doi.org/10.5220/0008873902570264
[13]
kpmg. 2020. Global Customer Experience Excellence report. https://home.kpmg/xx/en/home/insights/2020/01/home.html
[14]
National Institute of Standards and Tecnology. 2018. Cybersecurity Framework. https://www.nist.gov/cyberframework/getting-started
[15]
Philipp Offermann, Olga Levina, Marten Schönherr, and Udo Bub. 2009. Outline of a Design Science Research Process. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/1555619.1555629
[16]
P. Poncelet, M. Teisseire, and F. Masseglia. 2008. Data Mining Patterns: New Methods and Applications.Information science reference.
[17]
Shahzad Qaiser and Ramsha Ali. 2018. Text Mining: Use of TF-IDF to Examine the Relevance of Words to Documents. 181, 1 (2018). Issue July, 2018.
[18]
Sans. 2021. Controles CIS v8. https://www.sans.org/blog/cis-controls-v8/
[19]
Paulo Henrique Silva, Fabiane Barreto Vavassori Benitti, and Michelle Silva Wangham. 2022. Como a Engenharia de Requisitos apoia a proteção de dados pessoais?Proceedings 48 Conferência Latinoamericana de Informática - CLEI (2022).
[20]
Sandra Zinsmaier, Hanno Langweg, and Marcel Waldvogel. 2020. A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria. In Proceedings of the 6th International Conference on Information Systems Security and Privacy, Steven Furnell, Paolo Mori, and Edgar Weippl (Eds.). SCITEPRESS, Setúbal, Portugal, 473–480. https://doi.org/10.5220/0008960604730480

Index Terms

  1. Framework for the development of computational solutions for the support of requirements engineering with a focus on data protection
          Index terms have been assigned to the content through auto-classification.

          Recommendations

          Comments

          Information & Contributors

          Information

          Published In

          cover image ACM Other conferences
          SBES '22: Proceedings of the XXXVI Brazilian Symposium on Software Engineering
          October 2022
          457 pages
          ISBN:9781450397353
          DOI:10.1145/3555228
          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          Published: 05 October 2022

          Permissions

          Request permissions for this article.

          Check for updates

          Author Tags

          1. Data Protection
          2. GDPR
          3. LGPD
          4. Requirements Engineering

          Qualifiers

          • Research-article
          • Research
          • Refereed limited

          Conference

          SBES 2022
          SBES 2022: XXXVI Brazilian Symposium on Software Engineering
          October 5 - 7, 2022
          Virtual Event, Brazil

          Acceptance Rates

          Overall Acceptance Rate 147 of 427 submissions, 34%

          Contributors

          Other Metrics

          Bibliometrics & Citations

          Bibliometrics

          Article Metrics

          • 0
            Total Citations
          • 92
            Total Downloads
          • Downloads (Last 12 months)17
          • Downloads (Last 6 weeks)2
          Reflects downloads up to 15 Feb 2025

          Other Metrics

          Citations

          View Options

          Login options

          View options

          PDF

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader

          HTML Format

          View this article in HTML Format.

          HTML Format

          Figures

          Tables

          Media

          Share

          Share

          Share this Publication link

          Share on social media