Information practices and systems that make use of personal and health-related information are governed by European laws and regulations to prevent unauthorized use and disclosure. Failure to comply with these laws and regulations results in huge monetary sanctions, which both private companies and public administrations want to avoid. How to comply with these laws, requires understanding the privacy requirements imposed on information systems. A holistic approach to privacy requirements specification calls for understanding not only the requirements derived from law, but also citizens' needs with respect to privacy. In this paper, we report on our experience in conducting privacy requirements engineering as part of a H2020 European Project, namely VisiOn (Visual Privacy Management in User Centric Open Requirements) for the development of a privacy platform to improve the interaction between Public Administrations (PA) and citizens, while guarding the privacy of the latter. Specifically, we present the process for eliciting, classifying, prioritizing, and validating privacy requirements for the two types of users, namely PA and citizen. The process is applied to different cases spanning from healthcare to other e-governmental initiatives, with the active involvement of the corresponding PAs. We report on findings and lessons learned from this experience.

Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform / Gharib, Mohamad; Salnitri, Mattia; Paja, Elda; Giorgini, Paolo; Mouratidis, Haralambos; Pavlidis, Michalis; Ruiz, Jose ́ F.; Fernandez, Sandra; Della Siria, Andrea. - STAMPA. - (2016), pp. 256-265. (Intervento presentato al convegno 24th IEEE International Requirements Engineering Conference, RE 2016 tenutosi a Beijing, China nel 12th-16th, September 2016) [10.1109/RE.2016.13].

Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform

Gharib, Mohamad;Salnitri, Mattia;Paja, Elda;Giorgini, Paolo;
2016-01-01

Abstract

Information practices and systems that make use of personal and health-related information are governed by European laws and regulations to prevent unauthorized use and disclosure. Failure to comply with these laws and regulations results in huge monetary sanctions, which both private companies and public administrations want to avoid. How to comply with these laws, requires understanding the privacy requirements imposed on information systems. A holistic approach to privacy requirements specification calls for understanding not only the requirements derived from law, but also citizens' needs with respect to privacy. In this paper, we report on our experience in conducting privacy requirements engineering as part of a H2020 European Project, namely VisiOn (Visual Privacy Management in User Centric Open Requirements) for the development of a privacy platform to improve the interaction between Public Administrations (PA) and citizens, while guarding the privacy of the latter. Specifically, we present the process for eliciting, classifying, prioritizing, and validating privacy requirements for the two types of users, namely PA and citizen. The process is applied to different cases spanning from healthcare to other e-governmental initiatives, with the active involvement of the corresponding PAs. We report on findings and lessons learned from this experience.
2016
Proceedings 2016 IEEE 24th International Requirements Engineering Conference: 12–16 September 2016 Beijing, China
Piscataway, NJ
IEEE
978-1-5090-4121-3
Gharib, Mohamad; Salnitri, Mattia; Paja, Elda; Giorgini, Paolo; Mouratidis, Haralambos; Pavlidis, Michalis; Ruiz, Jose ́ F.; Fernandez, Sandra; Della ...espandi
Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform / Gharib, Mohamad; Salnitri, Mattia; Paja, Elda; Giorgini, Paolo; Mouratidis, Haralambos; Pavlidis, Michalis; Ruiz, Jose ́ F.; Fernandez, Sandra; Della Siria, Andrea. - STAMPA. - (2016), pp. 256-265. (Intervento presentato al convegno 24th IEEE International Requirements Engineering Conference, RE 2016 tenutosi a Beijing, China nel 12th-16th, September 2016) [10.1109/RE.2016.13].
File in questo prodotto:
File Dimensione Formato  
RE16-Vision.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 776.13 kB
Formato Adobe PDF
776.13 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/168376
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 23
  • ???jsp.display-item.citation.isi??? 18
  • OpenAlex ND
social impact