Short paper: Integrating the data protection impact assessment into the software development lifecycle
Abstract
Recent years have seen many privacy violations that have cost both the users of software systems and the businesses that run them in a variety of ways. One potential cause of these violations may be the ad hoc nature of the implementation of privacy measures within software systems, which may stem from the poor representation of privacy within many Software Development LifeCycle (SDLC) processes. We propose to give privacy a higher priority within the SDLC through the creation of a confederated Privacy-Aware SDLC (PASDLC) which incorporates the Data Protection Impact Assessment (DPIA) lifecycle. The PASDLC brings stakeholders of the software system closer together through the implementation of multiple interception points, whilst prompting the stakeholders to consider privacy within the software system. We consider many challenges to the creation of the PASDLC, including potential communication issues from confederating the processes of a SDLC and the effective measurement of privacy as an attribute of a software system.
Citation
Irvine , C , Balasubramaniam , D & Henderson , T 2020 , Short paper: Integrating the data protection impact assessment into the software development lifecycle . in J Garcia-Alfaro , G Navarro-Arribas & J Herrera-Joancomarti (eds) , Data Privacy Management, Cryptocurrencies and Blockchain Technology : ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers . Lecture Notes in Computer Science (including subseries Security and Cryptology) , vol. 12484 LNCS , Springer , Cham , pp. 219-228 . https://doi.org/10.1007/978-3-030-66172-4_13
Publication
Data Privacy Management, Cryptocurrencies and Blockchain Technology
ISSN
0302-9743Type
Conference item
Rights
Copyright © Springer Nature Switzerland AG 2020. This work has been made available online in accordance with publisher policies or with permission. Permission for further reuse of this content should be sought from the publisher or the rights holder. This is the author created accepted manuscript following peer review and may differ slightly from the final published version. The final published version of this work is available at https://doi.org/10.1007/978-3-030-66172-4_13.
Collections
Items in the St Andrews Research Repository are protected by copyright, with all rights reserved, unless otherwise indicated.