Commitment analysis to operationalize software requirements from privacy policies

Authors: Jessica D Young

Affiliation: (1) Department of Computer Science, College of Engineering, North Carolina State University, Raleigh, NC, USA

Abstract: Online privacy policies describe organizations’ privacy practices for collecting, storing, using, and protecting consumers’
personal information. Users need to understand these policies in order to know how their personal information is being collected,
stored, used, and protected. Organizations need to ensure that the commitments they express in their privacy policies reflect
their actual business practices, especially in the United States where the Federal Trade Commission regulates fair business
practices. Requirements engineers need to understand the privacy policies to know the privacy practices with which the software
must comply and to ensure that the commitments expressed in these privacy policies are incorporated into the software requirements.
In this paper, we present a methodology for obtaining requirements from privacy policies based on our theory of commitments,
privileges, and rights, which was developed through a grounded theory approach. This methodology was developed from a case
study in which we derived software requirements from seventeen healthcare privacy policies. We found that legal-based approaches
do not provide sufficient coverage of privacy requirements because privacy policies focus primarily on procedural practices
rather than legal practices.

This document has been indexed by SpringerLink and other databases.