Towards privacy-aware software design in small and medium enterprises

Published in Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022, 2022

Recommended citation: Lelio Campanile, Mauro Iacono, Michele Mastroianni, "Towards privacy-aware software design in small and medium enterprises." Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022, 2022. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85145353321&doi=10.1109%2fDASC%2fPiCom%2fCBDCom%2fCy55231.2022.9927958&partnerID=40&md5=708dacdf77560860b78f2fe0500d32d5

Cited by: 3

Abstract: The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted the way in which software, systems and organizations should be designed or maintained to be compliant with rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention to the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a means to lower operational privacy enforcement costs. © 2022 IEEE.

Author Keywords: Agile methodology; GDPR; Nonfunctional requirements; Privacy; Privacy-by-design; Risk analysis; Software design; Software development life cycle (SDLC)

Bibtex citation:

@CONFERENCE{Campanile2022,
    author = "Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele",
    title = "Towards privacy-aware software design in small and medium enterprises",
    year = "2022",
    journal = "Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022",
    doi = "10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958",
    type = "Conference paper"
}
