Privacy as first-class requirements in software development: A socio-technical approach

Bibliographic Details
Published in: IEEE/ACM International Conference on Automated Software Engineering : [proceedings], pp. 1363-1367
Main Authors: Benbenisty, Yizhaq; Hadar, Irit; Luria, Gil; Spoletini, Paola
Format: Conference Proceeding
Language: English
Published: IEEE, 01.11.2021
ISSN: 2643-1572
DOI: 10.1109/ASE51524.2021.9678872

Summary: Privacy requirements have become increasingly important as information about us is continuously accumulated and digitally stored. However, despite the many proposed methodologies and tools to address these requirements, privacy engineering is often underperformed in most domains of the software industry. Two of the major reasons underlying this under-performance are (1) the low expertise and understanding of privacy by the two main actors in requirements engineering: users and analysts, and (2) the fact that software developers often do not perceive privacy requirements as a priority for their companies, thus neglecting to meet these requirements even when they do have the required knowledge, skills, and supporting tools to do so. To address these two problems, we propose to integrate knowledge from software engineering and organizational psychology in an iterative, customizable, socio-technical environment. Such an environment has the potential to support the design of systems by providing technical tools for eliciting, modeling, and designing privacy aspects, thus addressing the knowledge gap of both data subjects and analysts, and social mechanisms for achieving a supportive and sustainable organizational privacy climate within a company, thus reorienting the organizational attention and engagement toward addressing privacy requirements.