DOI: 10.1145/3613372.3613375
research-article

Adoption of the LGPD Inventory in the User Stories and BDD Scenarios Creation

Published: 25 September 2023

Abstract

Today's society heavily relies on intelligent technologies that capture and monitor real-time data, necessitating strong measures to ensure personal data privacy and protection. Regulatory frameworks like the General Data Protection Law (LGPD) in Brazil require software development to consider privacy throughout the software life cycle, significantly impacting the Requirements Engineering process. The LGPD requires all companies to maintain a Personal Data Inventory (PDI) that records the flow of personal data from collection to disposal. This study investigates the feasibility of using the PDI in creating User Stories and Behavior-Driven Development (BDD) Scenarios, commonly used in requirements documentation for agile methodologies. Our research examines the correlation between PDI elements and User Stories/BDD Scenarios to assess their compatibility for representing and documenting software functionalities. The findings propose a mapping between these elements, supporting further research in Software Engineering and Information Security. The IDP shows promise in facilitating the construction of User Stories and BDD Scenarios and serves as a foundational reference for developing the PDI, a crucial legal document.


Published In

SBES '23: Proceedings of the XXXVII Brazilian Symposium on Software Engineering
September 2023
570 pages
ISBN:9798400707872
DOI:10.1145/3613372

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. BDD Scenarios
  2. Agile Requirements Engineering
  3. User Stories
  4. Personal Data Inventory
  5. LGPD
  6. Privacy and Data Protection

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

SBES 2023
SBES 2023: XXXVII Brazilian Symposium on Software Engineering
September 25 - 29, 2023
Campo Grande, Brazil

Acceptance Rates

Overall Acceptance Rate 147 of 427 submissions, 34%
