Supporting Privacy Impact Assessments using Problem-based Privacy Analysis. Meis, R. & Heisel, M. In Software Technologies - 10th International Joint Conference, ICSOFT 2015, Revised Selected Papers, volume 586, of Communications in Computer and Information Science, pages 79–98, 2016. Springer.
Supporting Privacy Impact Assessments using Problem-based Privacy Analysis [link]Paper  doi  abstract   bibtex   
Privacy-aware software development is gaining more and more importance for nearly all information systems that are developed nowadays. As a tool to force organizations and companies to consider privacy properly during the planning and the execution of their projects, some governments advise to perform privacy impact assessments (PIAs). During a PIA, a report has to be created that summarizes the consequence on privacy the project may have and how the organization or company addresses these consequences. As basis for a PIA, it has to be documented which personal data is collected, processed, stored, and shared with others in the context of the project. Obtaining this information is a difficult task that is not yet well supported by existing methods. In this paper, we present a method based on the problem-based privacy analysis (ProPAn) that helps to elicit the needed information for a PIA systematically from a given set of functional requirements. Our tool-supported method shall reduce the effort that has to be spent to elicit the information needed to conduct a PIA in a way that the information is as complete and consistent as possible.
@INPROCEEDINGS{CCIS16,
     author = {Meis, Rene and Heisel, Maritta},
   keywords = {Privacy, Privacy Impact Assessment, Problem Frames, Requirements Engineering},
      title = {Supporting Privacy Impact Assessments using Problem-based Privacy Analysis},
  booktitle = {Software Technologies - 10th International Joint Conference, {ICSOFT} 2015, Revised Selected Papers},
     series = {Communications in Computer and Information Science},
     volume = {586},
       year = {2016},
      pages = {79--98},
  publisher = {Springer},
       isbn = {978-3-319-30141-9},
        url = {http://dx.doi.org/10.1007/978-3-319-30142-6_5},
        doi = {10.1007/978-3-319-30142-6_5},
   abstract = {Privacy-aware software development is gaining more and more importance for nearly all information systems that are developed nowadays. As a tool to force organizations and companies to consider privacy properly during the planning and the execution of their projects, some governments advise to perform privacy impact assessments (PIAs). During a PIA, a report has to be created that summarizes the consequence on privacy the project may have and how the organization or company addresses these consequences. As basis for a PIA, it has to be documented which personal data is collected, processed, stored, and shared with others in the context of the project. Obtaining this information is a difficult task that is not yet well supported by existing methods. In this paper, we present a method based on the problem-based privacy analysis (ProPAn) that helps to elicit the needed information for a PIA systematically from a given set of functional requirements. Our tool-supported method shall reduce the effort that has to be spent to elicit the information needed to conduct a PIA in a way that the information is as complete and consistent as possible.}
}
Downloads: 0