The study investigated the implementation of privacy engineering in software development at the National Privacy Commission (NPC) with a specific focus on the Data Breach Notification Management System (DBNMS). Objectives include identifying the factors that contribute to the success or failure of privacy engineering in the NPC's software development context, to provide valuable insights into the integration of privacy measures. This includes the development of actionable guidance for the effective integration of privacy and security in software engineering at the NPC, tailored specifically for NPC engineers and encompassing methodologies for incorporating privacy engineering throughout the software development life cycle. This is to empower NPC software engineers with practical tools and strategies to create a secure and privacy-respecting environment. Qualitative methodology and thematic analysis approach were utilized to assess the effectiveness of privacy engineering techniques. To gather insights, semi structured interviews were conducted with both internal and external stakeholders composed of software developers, data protection officers, and other internal and external users of the DBNMS. Evaluation yielded positive remarks both from internal and external participants. Factors that contributed to the success and failure of privacy engineering techniques in software development include rapid evolution of technology, lack of funds, and stakeholder engagement, among others. Overall, the findings are expected to contribute to the broader discourse on privacy engineering and have implications for policymakers, software development practitioners, and organizations looking to enhance their privacy practices in the digital age.
Read full abstract