TY - JOUR
T1 - Privacy by designers
T2 - software developers’ privacy mindset
AU - Hadar, Irit
AU - Hasson, Tomer
AU - Ayalon, Oshrat
AU - Toch, Eran
AU - Birnhack, Michael
AU - Sherman, Sofia
AU - Balissa, Arod
N1 - Publisher Copyright: © 2017, Springer Science+Business Media New York.
PY - 2018/2/1
Y1 - 2018/2/1
N2 - Privacy by design (PbD) is a policy measure that guides software developers to apply inherent solutions to achieve better privacy protection. For PbD to be a viable option, it is important to understand developers’ perceptions, interpretation and practices as to informational privacy (or data protection). To this end, we conducted in-depth interviews with 27 developers from different domains, who practice software design. Grounded analysis of the data revealed an interplay between several different forces affecting the way in which developers handle privacy concerns. Borrowing the schema of Social Cognitive Theory (SCT), we classified and analyzed the cognitive, organizational and behavioral factors that play a role in developers’ privacy decision making. Our findings indicate that developers use the vocabulary of data security to approach privacy challenges, and that this vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization; that organizational privacy climate is a powerful means for organizations to guide developers toward particular practices of privacy; and that software architectural patterns frame privacy solutions that are used throughout the development process, possibly explaining developers’ preference of policy-based solutions to architectural solutions. Further, we show, through the use of the SCT schema for framing the findings of this study, how a theoretical model of the factors that influence developers’ privacy practices can be conceptualized and used as a guide for future research toward effective implementation of PbD.
AB - Privacy by design (PbD) is a policy measure that guides software developers to apply inherent solutions to achieve better privacy protection. For PbD to be a viable option, it is important to understand developers’ perceptions, interpretation and practices as to informational privacy (or data protection). To this end, we conducted in-depth interviews with 27 developers from different domains, who practice software design. Grounded analysis of the data revealed an interplay between several different forces affecting the way in which developers handle privacy concerns. Borrowing the schema of Social Cognitive Theory (SCT), we classified and analyzed the cognitive, organizational and behavioral factors that play a role in developers’ privacy decision making. Our findings indicate that developers use the vocabulary of data security to approach privacy challenges, and that this vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization; that organizational privacy climate is a powerful means for organizations to guide developers toward particular practices of privacy; and that software architectural patterns frame privacy solutions that are used throughout the development process, possibly explaining developers’ preference of policy-based solutions to architectural solutions. Further, we show, through the use of the SCT schema for framing the findings of this study, how a theoretical model of the factors that influence developers’ privacy practices can be conceptualized and used as a guide for future research toward effective implementation of PbD.
KW - Data protection
KW - Grounded analysis
KW - Organizational climate
KW - Privacy
KW - Privacy by design
KW - Qualitative research
KW - Social cognitive theory
UR - http://www.scopus.com/inward/record.url?scp=85018279903&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/s10664-017-9517-1
DO - https://doi.org/10.1007/s10664-017-9517-1
M3 - Article
SN - 1382-3256
VL - 23
SP - 259
EP - 289
JO - Empirical Software Engineering
JF - Empirical Software Engineering
IS - 1
ER -