Developing an Inspection Checklist for the Adequacy Assessment of Software Systems to Quality Attributes of the Brazilian General Data Protection Law: An Initial Proposal

Resumo

The General Data Protection Law (LGPD) in Brazil was created with the goal of regulating how associations collect, transmit and store users’ personal data. Although it became applicable in 2020, several software development teams still don’t know what quality attributes are necessary for a system to comply with such law and to avoid legal and monetary penalties. Furthermore, there are still no checklists for verifying quality criteria related to the Brazilian LGPD. In this paper, an inspection checklist is proposed to evaluate software systems regarding their adherence to the Brazilian LGPD. We identified the attributes from papers describing the impact of the law in the development of Brazilian software systems; and from papers describing existing techniques and quality attributes for evaluating the adherence of software systems to laws from other countries. The final evaluation checklist contains a total of 52 attributes distributed in evaluation categories, such as: transparency, legal rights, security, contentment and responsibility. To assess the proposed checklist, we applied the checklist to evaluate a government web application. The initial results indicate that the current version of the checklist allows the identification of problems regarding the adherence of software systems to the Brazilian LGPD.