TY - GEN
T1 - Privacy as first-class requirements in software development
T2 - 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
AU - Benbenisty, Yizhaq
AU - Hadar, Irit
AU - Luria, Gil
AU - Spoletini, Paola
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Privacy requirements have become increasingly important as information about us is continuously accumulated and digitally stored. However, despite the many proposed methodologies and tools to address these requirements, privacy engineering is often underperformed in most domains of the software industry. Two of the major reasons underlying this under-performance are (1) the low expertise and understanding of privacy by the two main actors in requirements engineering: users and analysts, and (2) the fact that software developers often do not perceive privacy requirements as a priority for their companies, thus neglecting to meet these requirements even when they do have the required knowledge, skills, and supporting tools to do so. To address these two problems, we propose to integrate knowledge from software engineering and organizational psychology in an iterative, customizable, socio-technical environment. Such environment has the potential to support the design of systems by providing technical tools for eliciting, modeling, and designing privacy aspects, thus addressing the knowledge gap of both data subjects and analysts, and social mechanisms for achieving a supportive and sustainable organizational privacy climate within a company, thus reorienting the organizational attention and engagement toward addressing privacy requirements.
AB - Privacy requirements have become increasingly important as information about us is continuously accumulated and digitally stored. However, despite the many proposed methodologies and tools to address these requirements, privacy engineering is often underperformed in most domains of the software industry. Two of the major reasons underlying this under-performance are (1) the low expertise and understanding of privacy by the two main actors in requirements engineering: users and analysts, and (2) the fact that software developers often do not perceive privacy requirements as a priority for their companies, thus neglecting to meet these requirements even when they do have the required knowledge, skills, and supporting tools to do so. To address these two problems, we propose to integrate knowledge from software engineering and organizational psychology in an iterative, customizable, socio-technical environment. Such environment has the potential to support the design of systems by providing technical tools for eliciting, modeling, and designing privacy aspects, thus addressing the knowledge gap of both data subjects and analysts, and social mechanisms for achieving a supportive and sustainable organizational privacy climate within a company, thus reorienting the organizational attention and engagement toward addressing privacy requirements.
KW - Organizational climate
KW - Privacy
KW - Privacy by design
KW - Socio-technical solution
UR - http://www.scopus.com/inward/record.url?scp=85125462363&partnerID=8YFLogxK
U2 - 10.1109/ase51524.2021.9678872
DO - 10.1109/ase51524.2021.9678872
M3 - Conference contribution
T3 - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
SP - 1363
EP - 1367
BT - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 November 2021 through 19 November 2021
ER -
