Extending an LGPD Compliance Inspection Checklist to Assess IoT Solutions: An Initial Proposal

Ivonildo Pereira; João Mendes; Davi Viana; Luis Rivero; Waldemar Ferreira; Sergio Soares

doi:10.5753/cbsoft_estendido.2022.226679

Ivonildo Pereira UFPE
João Mendes UFMA
Davi Viana UFMA
Luis Rivero UFMA
Waldemar Ferreira UFPE
Sergio Soares UFPE

DOI: https://doi.org/10.5753/cbsoft_estendido.2022.226679

Resumo

Society has become more dependent on technology, so investments in information security have become essential. In Brazil, the General Data Protection Law (Lei Geral de Protecão dos Dados LGPD) legislates information security management. This work aims to propose an instrument to evaluate the adequacy of IoT solutions regarding the LGPD. The proposal evaluation took place in a private institution linked to industrial innovation. The proposed mechanism can assist professionals in verifying the LGPD adequacy in IoT projects. The study identified LGPD compliance defects in an IoT solution deployed in several industries all over the 23 Brazilian states. However, the results cannot be generalized since we only evaluated it in a single company and one software solution. Replications are needed to identify whether these results apply to other companies and solutions.

Referências

Bernardi, E., Miyake, M. Y., dos Santos, A. S., Merichelli, M. P., Pereira, M. J., and Polkorny, M. (2020). Brazilian scenarios for smart cities deployment from public policies perspectives. In 2020 IEEE International Smart Cities Conference (ISC2), pages 1-8.

de Oliveira, N., Gomes, M., Lopes, R., and Nobre, J. (2019). Segurança da informação para internet das coisas (iot): uma abordagem sobre a lei geral de proteção de dados (lgpd). Revista Eletrônica de Iniciação Científica em Computação, 17(4).

de Souza, J. S., Abe, J. M., de Lima, L. A., and de Souza, N. A. (2020). The general law principles for protection the personal data and their importance. arXiv preprint arXiv:2009.14313.

Debus, M. (1994). Manual para excelencia en la investigación mediante grupos focales. In Manual para excelencia en la investigación mediante grupos focales, pages 97-97.

Garg, H. and Dave, M. (2019). Securing iot devices and securelyconnecting the dots using rest api and middleware. In 2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU), pages 1-6.

Mendes, J., Viana, D., and Rivero, L. (2021). Developing an inspection checklist for the adequacy assessment of software systems to quality attributes of the brazilian general data protection law: An initial proposal. In Brazilian Symposium on Software Engineering, pages 263-268.

Nielsen, J. (1994). Usability inspection methods. In Conference companion on Human factors in computing systems, pages 413-414.

Pinheiro, P. P. (2020). Proteção de Dados Pessoais: Comentários à Lei n. 13.709/2018-LGPD. Saraiva Educação SA.

Ribeiro, S. L. and Nakamura, E. T. (2019). Privacy protection with pseudonymization and anonymization in a health iot system: Results from ocariot. In 2019 IEEE 19th International Conference on Bioinformatics and Bioengineering (BIBE), pages 904-908.

Wachter, S. (2018). Normative challenges of identification in the internet of things: Privacy, profiling, discrimination, and the gdpr. Computer law & security review, 34(3):436-449.