Abstract
During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required.
Highlights
In Brazil, software development organizations, public or private, that process users’ personal data must comply with a large number of regulations and ensure that business and system requirements are legally compliant, namely, they implement the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese) in all their software systems.Inappropriate use of data from users is subject to penalties if violated
This paper aims to conduct a systematic literature review to identify the models and techniques used in the literature to implement software privacy and privacy requirements
We have found some works in the literature that report on the use of use cases, business process modeling, class diagrams, user story, user experience, design thinking, among others, for software privacy and privacy requirements’ elicitation [44,48,49,56,57,58] and have related works to software privacy and privacy requirements for cloud deployment models [46,47,59] and Internet of Things (IoT) [41,42,60,61]
Summary
In Brazil, software development organizations, public or private, that process users’ personal data must comply with a large number of regulations and ensure that business and system requirements are legally compliant, namely, they implement the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese) in all their software systems.Inappropriate use of data from users is subject to penalties if violated. Knowledge of how to achieve data protection compliance is still quite limited from the point of view of software development teams. Much work has been developed proposing methodologies for privacy requirements’ elicitation [4,5,6,7,8,9,10,11,12], we found few works in the literature that have conducted empirical studies to describe how the software industry faces problems related to software development teams perceptions of system privacy [3,13,14], as well as what knowledge these professionals have, in order to perform correct implementations of these requirements along with the compliance with current legislation [13]. Considering information systems, system privacy has been widely analyzed in recent years, especially with the advent of legal regulations and international standards [18,19,20]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
