Teaching LGPD Compliance in Software Development through Active and Student-Centered Learning
Abstract
Teaching-learning approaches in Software Engineering courses need to bring theory and practice closer together and, therefore, active and student-centered methodologies have been proposed and evaluated. Furthermore, legislative demands impose, multidisciplinary, theories, methods and techniques that address the development of secure software, as provided for by the LGPD. Therefore, this work carried out an experiment with 142 undergraduate students who produced 947 agile artifacts from the LGPD Data Inventory. It was possible to conclude that Meaningful Learning, Computational Thinking and Problem-based Learning are appropriate for the insertion of new concepts in Higher Education.
Keywords:
LGPD, Secure Software Engineering, Active Methodology, Agile Requirements
References
Oguz, D., and Oguz, K. (2019). Perspectives on the gap between the software industry and software engineering education. IEEE Access, 7, 117527-117543. DOI: 10.1109/access.2019.2936660.
M. Cinque (2016). Lost in translation”. Soft skills development in European countries. Tuning Journal for Higher Education, 3(2), 389–427. DOI: 10.18543/tjhe-3(2)-2016pp389-427.
Dempsey, M., and Brennan, A. (2017). Turbocharging the journey into the liminal space and beyond. development, 27, 28. [link].
Tang, J., Zhang, S. X., and Lin, S. (2021). To reopen or not to reopen? How entrepreneurial alertness inbluences small business reopening after the COVID-19 lockdown. Journal of Business Venturing Insights, 16, e00275. DOI: 10.1016/j.jbvi.2021.
Tseng, H., Yi, X., and Yeh, H.-T. (2019). Learning-related soft skills among online business students in higher education: Grade level and managerial role differences in self-regulation, motivation, and social skill. Computers in Human Behavior, 95, 179–186. DOI: 10.1016/j.chb.2018.11.035.
Wei-Chang Kong. 2001.E-commerce and cultural values. IGI Publishing, Brennan, A., Dempsey, M., McAvoy, J., O’Dea, M., O’Leary, S., & Prendergast, M. (2023). How COVID-19 impacted soft skills development: The views of software engineering students. Cogent Education, 10(1). DOI: 10.1080/2331186X.2023.2171621.
García-Morales, V. J., Garrido-Moreno, A., and Martín-Rojas, R. (2021). The transformation of higher education after the COVID disruption: Emerging challenges in an online learning scenario. Frontiers in Psychology, 12, 196. DOI: 10.3389/fpsyg.2021.616059.
Gasiba, T. E., Iosif, A.-C., Suppan, S., Lechner, U., & Pinto-Albuquerque, M. (2023). Reblections on Training Next-Gen Industry Workforce on Secure Software Development. In Proceedings of the 5th European Conference on Software Engineering Education (ECSEE '23) (pp. 1–10). Association for Computing Machinery. DOI: 10.1145/3593663.3593665.
General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, 27 April 2016.
Lei Geral de Proteção de Dados (LGPD), Lei n. 13.709, de 14 de agosto de 2018.
Alkubaisy, D., Piras, L., Al-Obeidallah, M.G., Cox, K., & Mouratidis, H. (2022). A framework for privacy and security requirements analysis and conblict resolution for supporting GDPR compliance through privacy-by-design. In R. Ali, H. Kaindl, & L.A. Maciaszek (Eds.), Anais do XXXI Workshop sobre Educação em Computação (pp. 67-87). Cham: Springer. DOI: 10.1007/978-3-030-96648-5_4.
Senarath, A.R., & Arachchilage, N.A.G. (2018). Understanding user privacy expectations: A software developer’s perspective. Telematics and Informatics, 35, 1845–1862. DOI: 10.1016/j.tele.2018.05.012.
Senarath, A., Grobler, M., & Arachchilage, N.A.G. (2019). Will they use it or not? Investigating software developers’ intention to follow privacy engineering methodologies. ACM Transactions on Privacy and Security, 22, 1–30. DOI: 10.1145/3364224.
Gasiba, T. E., Iosif, A.-C., Suppan, S., Lechner, U., and Pinto-Albuquerque, M. (2023). Reblections on Training Next-Gen Industry Workforce on Secure Software Development. In Proceedings of the 5th European Conference on Software Engineering Education (ECSEE '23) (pp. 1–10). Association for Computing Machinery. DOI: 10.1145/3593663.3593665.
K. Pohl, C. Rupp. Requirements Engineering: Fundamentals, Principles, and Techniques. Springer; 2015.
A Mihelič A, Vrhovec S, Hovelja T. Agile development of secure software for small and medium-sized enterprises. Sustainability. 2023;15(1):801.
R Rose, S.; Wynne, M.; Helles√Πy, A. The Cucumber for Java Book: Behaviour-Driven Development for Testers and Developers. Birmingham: Pragmatic Bookshelf, 2015.
Georges T, et al. Guiding feature models synthesis from user-stories: an exploratory approach. Synthesis. 2023. 30:31.
Parsa S. Acceptance testing and behavior driven development (BDD). In: Software Testing Automation: Testability Evaluation, Refactoring, Test Data Generation and Fault Localization. Cham: Springer International Publishing; 2023. p. 79-158.
Peixoto, M., Silva, C., Lima, R., Araújo, J., Gorschek, T., & Silva, J. (2019). PCM Tool: Privacy Requirements Specibication in Agile Software Development. In Anais Estendidos do X Congresso Brasileiro de Software: Teoria e Prática, (pp. 108-113). Porto Alegre: SBC. DOI: 10.5753/cbsoft_estendido.2019.7666.
Peixoto, Mariana, et al. ""The perspective of Brazilian software developers on data privacy."" Journal of Systems and Software 195 (2023): 111523.
Cleber Nardelli. Seguran.a da Informação e LGPD Aplicado no Desenvolvimento de Software. In: ESCOLA REGIONAL DE ENGENHARIA DE SOFTWARE (ERES), 5. , 2021, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 169-178. DOI: 10.5753/eres.2021.18462.
F. Alexandrini and C. Nardelli, C. (2021). PRIMEIRA FASE PRIMEIRA FASE DA SEGURANÇA DA INFORMAÇÃO E LGPD APLICADO NO DESENVOLVIMENTO DE SOFTWARE GOVERNO ELETRÔNICO. REVISTA DE EXTENSÃO E INICIAÇÃO CIENTÍFICA DA UNISOCIESC, 9(1). Recuperado de [link].
Bertan, B. C., Portilho, M. D. O., Gurbinkiel, M. V., & Borges, N. N.(2022). Abordagem da LGPD no desenvolvimento de software.
D. R. de Melo Filho, et al. Metodologia Scrum: Uma aliada na implementação da LGPD. Research, Society and Development. 2023;12(4):e22712441189-e22712441189.
D. L. Cardoso and T. Cardoso. Adequação da LGPD via “Projetos Ágeis Scrum”. Boletim do Gerenciamento. 2023. 35(35):28-41.
Camílio MN, Alves CF. G-Priv: Um Guia para Apoiar a Especibicação de Requisitos de Privacidade em Conformidade com a LGPD. iSys-Brazilian Journal of Information Systems. 2023. 16(1):2-1.
C. P. Santiago,J. W. Menezes and Aquino, F. J. A. (2003). Proposta e Avaliação de uma Metodologia de Aprendizagem Baseada em Projetos em Disciplinas de Engenharia de Software através de uma Sequência Didática. Revista Brasileira de Informática na Educa.ã o, 31, 31-59. DOI: 10.5753/rbie.2023.2817.
Cintra, C., and Bittencourt, R. (2023). As Experiências de Estudantes em um Curso de Engenharia de Computação Baseado em PBL. In Anais do XXXI Workshop sobre Educação em Computa.ão, (pp. 327-338). Porto Alegre: SBC. DOI: 10.5753/wei.2023.229276.
Beleti Junior, C. R. e de Faria Sforni, M. S. (2023) “Pesquisas experimentais no desenvolvimento do pensamento computacional: um mapeamento sistemático de literatura no ensino de conceitos de computação”, Educação em Foco, 26(49). DOI: 10.36704/eef.v26i49.6623.
Juliana Saraiva and Sergio Soares. 2023. Adoption of the LGPD Inventory in the User Stories and BDD Scenarios Creation. In Proceedings of the XXXVII Brazilian Symposium on Software Engineering (SBES '23). Association for Computing Machinery, New York, NY, USA, 416–421. DOI: 10.1145/3613372.3613375.
V. Basili, G. Caldiera, F., F. McGarry and H. D. Rombach (2007). GQM strategies--aligning business strategies with software measurement. In: First International Symposium on Empirical Software Engineering and Measurement (ESEM 2007).
M. Cinque (2016). Lost in translation”. Soft skills development in European countries. Tuning Journal for Higher Education, 3(2), 389–427. DOI: 10.18543/tjhe-3(2)-2016pp389-427.
Dempsey, M., and Brennan, A. (2017). Turbocharging the journey into the liminal space and beyond. development, 27, 28. [link].
Tang, J., Zhang, S. X., and Lin, S. (2021). To reopen or not to reopen? How entrepreneurial alertness inbluences small business reopening after the COVID-19 lockdown. Journal of Business Venturing Insights, 16, e00275. DOI: 10.1016/j.jbvi.2021.
Tseng, H., Yi, X., and Yeh, H.-T. (2019). Learning-related soft skills among online business students in higher education: Grade level and managerial role differences in self-regulation, motivation, and social skill. Computers in Human Behavior, 95, 179–186. DOI: 10.1016/j.chb.2018.11.035.
Wei-Chang Kong. 2001.E-commerce and cultural values. IGI Publishing, Brennan, A., Dempsey, M., McAvoy, J., O’Dea, M., O’Leary, S., & Prendergast, M. (2023). How COVID-19 impacted soft skills development: The views of software engineering students. Cogent Education, 10(1). DOI: 10.1080/2331186X.2023.2171621.
García-Morales, V. J., Garrido-Moreno, A., and Martín-Rojas, R. (2021). The transformation of higher education after the COVID disruption: Emerging challenges in an online learning scenario. Frontiers in Psychology, 12, 196. DOI: 10.3389/fpsyg.2021.616059.
Gasiba, T. E., Iosif, A.-C., Suppan, S., Lechner, U., & Pinto-Albuquerque, M. (2023). Reblections on Training Next-Gen Industry Workforce on Secure Software Development. In Proceedings of the 5th European Conference on Software Engineering Education (ECSEE '23) (pp. 1–10). Association for Computing Machinery. DOI: 10.1145/3593663.3593665.
General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, 27 April 2016.
Lei Geral de Proteção de Dados (LGPD), Lei n. 13.709, de 14 de agosto de 2018.
Alkubaisy, D., Piras, L., Al-Obeidallah, M.G., Cox, K., & Mouratidis, H. (2022). A framework for privacy and security requirements analysis and conblict resolution for supporting GDPR compliance through privacy-by-design. In R. Ali, H. Kaindl, & L.A. Maciaszek (Eds.), Anais do XXXI Workshop sobre Educação em Computação (pp. 67-87). Cham: Springer. DOI: 10.1007/978-3-030-96648-5_4.
Senarath, A.R., & Arachchilage, N.A.G. (2018). Understanding user privacy expectations: A software developer’s perspective. Telematics and Informatics, 35, 1845–1862. DOI: 10.1016/j.tele.2018.05.012.
Senarath, A., Grobler, M., & Arachchilage, N.A.G. (2019). Will they use it or not? Investigating software developers’ intention to follow privacy engineering methodologies. ACM Transactions on Privacy and Security, 22, 1–30. DOI: 10.1145/3364224.
Gasiba, T. E., Iosif, A.-C., Suppan, S., Lechner, U., and Pinto-Albuquerque, M. (2023). Reblections on Training Next-Gen Industry Workforce on Secure Software Development. In Proceedings of the 5th European Conference on Software Engineering Education (ECSEE '23) (pp. 1–10). Association for Computing Machinery. DOI: 10.1145/3593663.3593665.
K. Pohl, C. Rupp. Requirements Engineering: Fundamentals, Principles, and Techniques. Springer; 2015.
A Mihelič A, Vrhovec S, Hovelja T. Agile development of secure software for small and medium-sized enterprises. Sustainability. 2023;15(1):801.
R Rose, S.; Wynne, M.; Helles√Πy, A. The Cucumber for Java Book: Behaviour-Driven Development for Testers and Developers. Birmingham: Pragmatic Bookshelf, 2015.
Georges T, et al. Guiding feature models synthesis from user-stories: an exploratory approach. Synthesis. 2023. 30:31.
Parsa S. Acceptance testing and behavior driven development (BDD). In: Software Testing Automation: Testability Evaluation, Refactoring, Test Data Generation and Fault Localization. Cham: Springer International Publishing; 2023. p. 79-158.
Peixoto, M., Silva, C., Lima, R., Araújo, J., Gorschek, T., & Silva, J. (2019). PCM Tool: Privacy Requirements Specibication in Agile Software Development. In Anais Estendidos do X Congresso Brasileiro de Software: Teoria e Prática, (pp. 108-113). Porto Alegre: SBC. DOI: 10.5753/cbsoft_estendido.2019.7666.
Peixoto, Mariana, et al. ""The perspective of Brazilian software developers on data privacy."" Journal of Systems and Software 195 (2023): 111523.
Cleber Nardelli. Seguran.a da Informação e LGPD Aplicado no Desenvolvimento de Software. In: ESCOLA REGIONAL DE ENGENHARIA DE SOFTWARE (ERES), 5. , 2021, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 169-178. DOI: 10.5753/eres.2021.18462.
F. Alexandrini and C. Nardelli, C. (2021). PRIMEIRA FASE PRIMEIRA FASE DA SEGURANÇA DA INFORMAÇÃO E LGPD APLICADO NO DESENVOLVIMENTO DE SOFTWARE GOVERNO ELETRÔNICO. REVISTA DE EXTENSÃO E INICIAÇÃO CIENTÍFICA DA UNISOCIESC, 9(1). Recuperado de [link].
Bertan, B. C., Portilho, M. D. O., Gurbinkiel, M. V., & Borges, N. N.(2022). Abordagem da LGPD no desenvolvimento de software.
D. R. de Melo Filho, et al. Metodologia Scrum: Uma aliada na implementação da LGPD. Research, Society and Development. 2023;12(4):e22712441189-e22712441189.
D. L. Cardoso and T. Cardoso. Adequação da LGPD via “Projetos Ágeis Scrum”. Boletim do Gerenciamento. 2023. 35(35):28-41.
Camílio MN, Alves CF. G-Priv: Um Guia para Apoiar a Especibicação de Requisitos de Privacidade em Conformidade com a LGPD. iSys-Brazilian Journal of Information Systems. 2023. 16(1):2-1.
C. P. Santiago,J. W. Menezes and Aquino, F. J. A. (2003). Proposta e Avaliação de uma Metodologia de Aprendizagem Baseada em Projetos em Disciplinas de Engenharia de Software através de uma Sequência Didática. Revista Brasileira de Informática na Educa.ã o, 31, 31-59. DOI: 10.5753/rbie.2023.2817.
Cintra, C., and Bittencourt, R. (2023). As Experiências de Estudantes em um Curso de Engenharia de Computação Baseado em PBL. In Anais do XXXI Workshop sobre Educação em Computa.ão, (pp. 327-338). Porto Alegre: SBC. DOI: 10.5753/wei.2023.229276.
Beleti Junior, C. R. e de Faria Sforni, M. S. (2023) “Pesquisas experimentais no desenvolvimento do pensamento computacional: um mapeamento sistemático de literatura no ensino de conceitos de computação”, Educação em Foco, 26(49). DOI: 10.36704/eef.v26i49.6623.
Juliana Saraiva and Sergio Soares. 2023. Adoption of the LGPD Inventory in the User Stories and BDD Scenarios Creation. In Proceedings of the XXXVII Brazilian Symposium on Software Engineering (SBES '23). Association for Computing Machinery, New York, NY, USA, 416–421. DOI: 10.1145/3613372.3613375.
V. Basili, G. Caldiera, F., F. McGarry and H. D. Rombach (2007). GQM strategies--aligning business strategies with software measurement. In: First International Symposium on Empirical Software Engineering and Measurement (ESEM 2007).
Published
2024-04-22
How to Cite
SARAIVA, Juliana; ARAÚJO, Juliana; SOARES, Sérgio.
Teaching LGPD Compliance in Software Development through Active and Student-Centered Learning. In: BRAZILIAN SYMPOSIUM ON COMPUTING EDUCATION (EDUCOMP), 4. , 2024, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 204-213.
ISSN 3086-0733.
DOI: https://doi.org/10.5753/educomp.2024.237528.
