A natural language-based method to specify privacy requirements: an evaluation with practitionersShow others and affiliations
2024 (English)In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 29, no 3, p. 279-301Article in journal (Refereed) Published
Abstract [en]
Organisations are becoming concerned with effectively dealing with privacy-related requirements. Existing Requirements Engineering methods based on structured natural language suffer from several limitations both in eliciting and specifying privacy requirements. In our previous study, we proposed a structured natural-language approach called the “Privacy Criteria Method” (PCM), which demonstrates potential advantages over user stories. Our goal is to present a PCM evaluation that focused on the opinions of software practitioners from different companies on PCM’s ability to support the specification of privacy requirements and the quality of the privacy requirements specifications produced by these software practitioners. We conducted a multiple case study to evaluate PCM in four different industrial contexts. We gathered and analysed the opinions of 21 practitioners on PCM usage regarding Coverage, Applicability, Usefulness, and Scalability. Moreover, we assessed the syntactic and semantic quality of the PCM artifacts produced by these practitioners. PCM can aid developers in elaborating requirements specifications focused on privacy with good quality. The practitioners found PCM to be useful for their companies’ development processes. PCM is considered a promising method for specifying privacy requirements. Some slight extensions of PCM may be required to tailor the method to the characteristics of the company. © The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature 2024.
Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024. Vol. 29, no 3, p. 279-301
Keywords [en]
Empirical study, Privacy criteria method, Privacy requirements specification, Software development, Quality control, Requirements engineering, Semantics, Software design, Empirical studies, Engineering methods, Natural languages, Privacy requirement specification, Privacy requirements, Requirement engineering, Requirements specifications, Software practitioners, User stories, Specifications
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-26772DOI: 10.1007/s00766-024-00428-zISI: 001272283700001Scopus ID: 2-s2.0-85198939572OAI: oai:DiVA.org:bth-26772DiVA, id: diva2:1887738
Part of project
SERT- Software Engineering ReThought, Knowledge Foundation
Funder
Knowledge Foundation, 201800102024-08-092024-08-092024-09-19Bibliographically approved