Reusable Knowledge for Achieving Privacy: A Canadian Health Information Technologies Perspective

Ilca Webster, Vera Ivanova, Luiz Marcio Cysneiros
2005 Workshop em Engenharia de Requisitos  
Privacy is a fundamental aspect when dealing with Personal Information. Privacy requirements are those that capture privacy goals and its associated measures for a system under development. In order to ensure privacy we must identify these elements. However, there are many challenges in their identification. For example, privacy requirements may be difficult to quantify and precisely specify. There is a need for systematic approaches for reasoning, modeling and analyzing privacy from the early
more » ... tages of the software development. Furthermore, it is necessary to develop a usable ontology or classification of measurable aspects of privacy that can be used to aid in the specification of privacy requirements. These ontologies should be represented in a way that facilitates their use as guidelines for the requirements elicitation process. This work builds on a review of privacy legislation to develop a catalog of aspects of privacy that can be considered during requirements gathering. This catalogue is used to guide the requirements engineer through alternatives for achieving privacy. The approach uses the i* framework to model privacy as a special type of goal. We show how privacy can be modelled through different viewpoints with different alternatives for its operationalization. An example in the health care domain is used to illustrate our work.
dblp:conf/wer/WebsterIC05 fatcat:f2fp32wsjfhqzpx4bgh2dwbeia