Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Evaluating a privacy requirements specification method by using a mixed-method approach: results and lessons learned
Universidade Federal de Pernambuco (UFPE), BRA.
Universidade Federal de Pernambuco (UFPE), BRA.
Universidade Nova de Lisboa (UNL), PRT.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.ORCID iD: 0000-0002-3646-235x
Show others and affiliations
2023 (English)In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 28, no 2, p. 229-255Article in journal (Refereed) Published
Abstract [en]

Although agile software development (ASD) has been adopted in the industry, requirements approaches for ASD still neglect non-functional requirements. Privacy has become a concern due to new user demands and data protection laws. Hence, privacy needs to be properly specified, but agile requirements engineering techniques do not explicitly represent privacy requirements and, therefore, are not able to proper analyze such requirements. In this context, Privacy Criteria Method (PCM), an approach to specify privacy in requirements activities, was proposed to produce more complete and detailed privacy requirements. By considering PCM a promising approach to be used in ASD and the importance of empirical evaluation of new methods, we have as objectives: 1 evaluate the ability of PCM to support systems analysts in specifying privacy requirements when used in conjunction with some agile specification methods; and 2 show our lessons learned in conducting empirical research based on an mix-method approach defined to empirically evaluate the suitability of a requirements specification in specifying privacy requirements. Mixed-method approach is a controlled experiment as a quantitative evaluation and a feasibility study (questionnaire and task analysis based) study as a qualitative and quantitative evaluation. The requirements specifications following PCM allow to represent privacy aspects, such as user’s personal data and the privacy mechanism that can be used to mitigate a privacy risk scenario. We also observed that some extra time is necessary to specify privacy requirements with PCM, but it does not imply a greater perceived effort. Specifications produced with PCM are of good quality and more privacy detailed. Additionally, we attest to the importance of conducting empirical research to evaluate new methods. PCM assists in specifying more complete and detailed in relation to traditional techniques used in ASD, which facilitates communication between the requirements analysts and developers. © 2022, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2023. Vol. 28, no 2, p. 229-255
Keywords [en]
Agile software development, Empirical study, Privacy criteria method, Privacy requirements specification, Job analysis, Requirements engineering, Risk perception, Software design, Specifications, Empirical research, Empirical studies, Industry requirements, Mixed method, Privacy requirement specification, Privacy requirements, Quantitative evaluation, Requirements specifications, Data privacy
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-23724DOI: 10.1007/s00766-022-00388-2ISI: 000857797700001Scopus ID: 2-s2.0-85138227443OAI: oai:DiVA.org:bth-23724DiVA, id: diva2:1701594
Part of project
SERT- Software Engineering ReThought, Knowledge Foundation
Funder
Knowledge Foundation, 20180010Available from: 2022-10-06 Created: 2022-10-06 Last updated: 2023-06-19Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Gorschek, Tony

Search in DiVA

By author/editor
Gorschek, Tony
By organisation
Department of Software Engineering
In the same journal
Requirements Engineering
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 52 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf