The study investigated the implementation of privacy engineering in software development at the National Privacy Commission (NPC) with a specific focus on the Data Breach Notification Management System (DBNMS). Objectives include identifying the factors that contribute to the success or failure of privacy engineering in the NPC's software development context, to provide valuable insights into the integration of privacy measures. This includes the development of actionable guidance for the effective integration of privacy and security in software engineering at the NPC, tailored specifically for NPC engineers and encompassing methodologies for incorporating privacy engineering throughout the software development life cycle. This is to empower NPC software engineers with practical tools and strategies to create a secure and privacy-respecting environment. Qualitative methodology and thematic analysis approach were utilized to assess the effectiveness of privacy engineering techniques. To gather insights, semi structured interviews were conducted with both internal and external stakeholders composed of software developers, data protection officers, and other internal and external users of the DBNMS. Evaluation yielded positive remarks both from internal and external participants. Factors that contributed to the success and failure of privacy engineering techniques in software development include rapid evolution of technology, lack of funds, and stakeholder engagement, among others. Overall, the findings are expected to contribute to the broader discourse on privacy engineering and have implications for policymakers, software development practitioners, and organizations looking to enhance their privacy practices in the digital age.
The study investigated the implementation of privacy engineering in software development at the National Privacy Commission (NPC) with a specific focus on the Data Breach Notification Management System (DBNMS). Objectives include identifying the factors that contribute to the success or failure of privacy engineering in the NPC's software development context, to provide valuable insights into the integration of privacy measures. This includes the development of actionable guidance for the effective integration of privacy and security in software engineering at the NPC, tailored specifically for NPC engineers and encompassing methodologies for incorporating privacy engineering throughout the software development life cycle. This is to empower NPC software engineers with practical tools and strategies to create a secure and privacy-respecting environment. Qualitative methodology and thematic analysis approach were utilized to assess the effectiveness of privacy engineering techniques. To gather insights, semi structured interviews were conducted with both internal and external stakeholders composed of software developers, data protection officers, and other internal and external users of the DBNMS. Evaluation yielded positive remarks both from internal and external participants. Factors that contributed to the success and failure of privacy engineering techniques in software development include rapid evolution of technology, lack of funds, and stakeholder engagement, among others. Overall, the findings are expected to contribute to the broader discourse on privacy engineering and have implications for policymakers, software development practitioners, and organizations looking to enhance their privacy practices in the digital age.
Requisitos de software, sejam funcionais ou não funcionais, são elementos essenciais da Engenharia de Software, e presentes no cotidiano dos projetos de desenvolvimento de sistemas. As atividades de elicitação e especificação muitas vezes envolvem equipe de desenvolvimento, clientes, e acesso a dados de instituições ou empresas. A LGPD surge como uma forma de proteger os dados e direitos fundamentais de liberdade e de privacidade dos indivíduos. Nesse contexto, esse trabalho visa apresentar desafios e oportunidades de pesquisa para requisitos e a LGPD, de forma que os indivíduos tenham a proteção de seus dados já incorporados no processo de desenvolvimento de software.
A Lei Geral de Proteção de Dados (LGPD) apresenta diretrizes para fatores importantes na garantia da privacidade dos dados dos usuários. Em um contexto institucional, no qual diversas aplicações e sistemas coexistem, dados são obtidos e gerados a todo momento. Existe uma dificuldade na adequação na LGPD, seja custos adicionais ou desconhecimento da LGPD e como implantá-la. O objetivo da pesquisa é analisar o nível de compreensão da LGPD e estabelecer conexões entre práticas eficazes e inadequadas. À princípio, foram consultados alunos de cursos de graduação. Como contribuição inicial, fatores relacionados à LGPD foram identificados, e que devem ser considerados para promover um desenvolvimento mais seguro.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.