Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments. Meis, R. and Heisel, M. In ICSOFT-PT 2015 - Proc. of the 10th Int. Conf. on Software Paradigm Trends, pages 43-52, 2015. SciTePress.
Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments [link]Paper  doi  abstract   bibtex   
Several countries prescribe or advise government departments and organizations to perform a privacy impact assessment (PIA) if these prepare new projects or change existing ones that involve personal information. A PIA shall summarize what personal information is collected, processed, stored, and distributed in the context of the project. But there is only little support for undertaking a PIA and to create a PIA report, most countries only provide vague guidelines and simple templates. We present in this paper an extension of the problem-based privacy analysis (ProPAn) method that derives information needed to conduct a PIA from a requirements model in problem frame notation. We provide a formally specified method with well-defined steps and tool support to reduce the effort to be spent for eliciting the needed information and to ensure that the needed information is as complete and coherent as possible to form an adequate basis for the creation of a PIA report.
@INPROCEEDINGS{ICSOFT15,
     author = {Meis, Rene and Heisel, Maritta},
   keywords = {Privacy, Privacy Analysis, Privacy Impact Assessment, Problem Frames, Requirements Engineering},
      title = {Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments},
  booktitle = {{ICSOFT-PT} 2015 - Proc. of the 10th Int. Conf. on Software Paradigm Trends},
       year = {2015},
      pages = {43-52},
  publisher = {SciTePress},
        url = {http://dx.doi.org/10.5220/0005518500430052},
        doi = {10.5220/0005518500430052},
   abstract = {Several countries prescribe or advise government departments and 
organizations to perform a privacy impact assessment (PIA) if these 
prepare new projects or change existing ones that involve personal 
information. A PIA shall summarize what personal information is 
collected, processed, stored, and distributed in the context of the 
project. But there is only little support for undertaking a PIA and 
to create a PIA report, most countries only provide vague guidelines 
and simple templates. We present in this paper an extension of the 
problem-based privacy analysis (ProPAn) method that derives 
information needed to conduct a PIA from a requirements model in 
problem frame notation. We provide a formally specified method with 
well-defined steps and tool support to reduce the effort to be spent 
for eliciting the needed information and to ensure that the needed 
information is as complete and coherent as possible to form an 
adequate basis for the creation of a PIA report.}
}
Downloads: 0