Protection Goals for Privacy Engineering

Hansen, Marit; Jensen, Meiko; Rost, Martin

doi:10.1109/spw.2015.13

Cited by 102 publications

(101 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we consider the generation of privacy requirements related to the protection goals for privacy engineering proposed by Hansen [5]. These protection goals include the classical security goals confidentiality, integrity, and availability and the privacy goals unlinkability, transparency, and intervenability.…”

Section: Overview Of Our Methodsmentioning

confidence: 99%

“…We consider the six protection goals for privacy engineering unlinkability, transparency, intervenability, confidentiality, integrity, and availability proposed by Hansen et al [5]. Hansen et al state that the protection goal of unlinkability includes further properties such as anonymity, pseudonymity, and undetectability.…”

Section: Generate Privacy Requirements Candidatesmentioning

confidence: 99%

“…Privacy also aims at increasing the awareness of end-users about how their data is handled and to empower them to keep the control over their data. Hansen et al [5] propose six protection goals for privacy engineering. These are the three classical security goals confidentiality, integrity, and availability, as well as the protection goals unlinkability, transparency, and intervenability.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Computer-Aided Identification and Validation of Privacy Requirements

Meis

Heisel

2016

Information

View full text Add to dashboard Cite

Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, and privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need of protection of the personal data might be underestimated. The later personal data and the needs to protect them are identified during the development process, the more expensive it is to fix these issues, because the needed changes of the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn) method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent for the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system to be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As initial evaluation of our method, we show its applicability on a small electronic health system scenario.

show abstract

Section: Overview Of Our Methodsmentioning

confidence: 99%

Section: Generate Privacy Requirements Candidatesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Computer-Aided Identification and Validation of Privacy Requirements

Meis

Heisel

2016

Information

View full text Add to dashboard Cite

show abstract

“…The authors conclude that "privacy by design should be approached less from a 'code' perspective, but rather from the perspective of 'communication' strategies". In this regard, there are privacy design strategies like the proposed by Deng et al [17], Hoepman [22], Heurix et al [23], or Hansen et al [24] that consider privacy and data protection principles from the beginning of the development process.…”

Section: Related Workmentioning

confidence: 99%

Institutional Violence Complaints in Argentina: A Privacy Study

Roa

Villarreal

Fantinato

et al. 2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…technologies that make use of privacy design strategies [15] or consider protection goals for privacy engineering [13]). Compared to a denition that restricts PETs to data minimisation, this approach provides greater exibility and adaptability, albeit adds complexity when statements on the privacy enhancement properties in various categories have to be elaborated.…”

Section: Privacy-enhancing Technologymentioning

confidence: 99%

Towards Measuring Maturity of Privacy-Enhancing Technologies

Hansen

Hoepman

Jensen

2016

Privacy Technologies and Policy

Self Cite

View full text Add to dashboard Cite

Abstract. The assessment of the maturity of Privacy-Enhancing Technologies (PETs) is a complex and challenging task, which can only be performed by experts in the eld. However, at the same time, the need for precise technology readiness and quality denitions for PETs emerges rapidly. In order to overcome this gap, standardised means to assess, discuss, and compare PET maturity levels are necessary. In this paper, we propose an approach for assessing the maturity of PETs. We dene both the scales and the methodology for measuring maturity of PETs, in a way that is independent from the domain of application. Based on an in-depth analysis of the criteria to be met by such a PET maturity level scheme, we propose a combined quality-and-readiness level scale to be used for this purpose.

show abstract

Protection Goals for Privacy Engineering

Cited by 102 publications

References 32 publications

Computer-Aided Identification and Validation of Privacy Requirements

Computer-Aided Identification and Validation of Privacy Requirements

Institutional Violence Complaints in Argentina: A Privacy Study

Towards Measuring Maturity of Privacy-Enhancing Technologies

Contact Info

Product

Resources

About