ABSTRACT
Today's society heavily relies on intelligent technologies that capture and monitor real-time data, necessitating strong measures to ensure personal data privacy and protection. Regulatory frameworks like the General Data Protection Law (LGPD) in Brazil require software development to consider privacy throughout the software life cycle, significantly impacting the Requirements Engineering process. The LGPD mandates all companies to maintain a Personal Data Inventory (PDI) that records the flow of personal data from collection to disposal. This study investigates the feasibility of using the PDI in creating User Stories and Behavior-Driven Development (BDD) Scenarios, commonly used in requirements documentation for agile methodologies. Our research examines the correlation between PDI elements and User Stories/BDD Scenarios to assess their compatibility for representing and documenting software functionalities. The findings propose a mapping between these elements, supporting further research in Software Engineering and Information Security. The IDP shows promise in facilitating the construction of User Stories and BDD Scenarios and serves as a foundational reference for developing the PDI, a crucial legal document.
Index Terms
- Adoption of the LGPD Inventory in the User Stories and BDD Scenarios Creation