Computer-Aided Privacy Requirements Elicitation Technique

Author

Miyazaki, Seiya ; Mead, Nancy ; Zhan, Justin

fYear

2008

fDate

9-12 Dec. 2008

Firstpage

367

Lastpage

372

Abstract

The legislative penalties and economic penalties for privacy violations are more serious for a service provider these days. In spite of demonstrating that it is willing and able to protect the privacy of information, a service provider developing a privacy-compliant system faces two challenges; technical complexities and legal complexities. In this paper, we propose a computer-aided privacy requirements elicitation technique (PRET) that helps software developers elicit privacy requirements more efficiently in the early stages of software development. The goal of the PRET tool is to accelerate the elicitation process and prevent privacy requirements leaks by using a general privacy requirements database derived from privacy laws and empirical privacy requirements. We also show the results of integrating the PRET tool with the security quality requirements engineering (SQUARE) methodology and provide evidence of the efficacy of the resultant tool.

Keywords

security of data; computer-aided privacy requirements; economic penalties; elicitation technique; legal complexities; legislative penalties; privacy violations; privacy-compliant system; security quality requirements engineering; software development; technical complexities; Acceleration; Costs; Data privacy; Guidelines; Information security; Law; Legal factors; Legislation; Programming; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE

Conference_Location

Yilan

Print_ISBN

978-0-7695-3473-2

Electronic_ISBN

978-0-7695-3473-2

Type

conf

DOI

10.1109/APSCC.2008.263

Filename

4780702