Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform

Mohamad Gharib, Mattia Salnitri, Elda Paja, Paolo Giorgini, Haralambos Mouratidis, Michail Pavlidis, Jose F. Ruz, Sandra Fernandez, Andrea Della Siria

Research output: Contribution to conference > Other > Research

Abstract

Information practices and systems that make use of personal and health-related information are governed by European laws and regulations to prevent unauthorized use and disclosure. Failure to comply with these laws and regulations results in huge monetary sanctions, which both private companies and public administrations want to avoid. Complying with these laws requires understanding the privacy requirements imposed on information systems. A holistic approach to privacy requirements specification calls for understanding not only the requirements derived by law, but also citizens' needs with respect to privacy. In this paper, we report on our experience in conducting privacy requirements engineering as part of an H2020 European Project, namely VisiOn (Visual Privacy Management in User Centric Open Requirements), for the development of a privacy platform to improve the interaction between Public Administrations (PA) and citizens, while guarding the privacy of the latter. Specifically, we present the process for eliciting, classifying, prioritizing, and validating privacy requirements for the two types of users, namely PA and citizen. The process is applied to different cases spanning from healthcare to other e-governmental initiatives, with the active involvement of the corresponding PAs. We report on findings and lessons learned from this experience.

Original language: English
Pages: 0-0
Number of pages: 1
Publication status: Published - 12 Sep 2016
Event: International Requirements Engineering Conference - Beijing, China, 12-16 September 2016
Duration: 12 Sep 2016 → …

Conference

Conference: International Requirements Engineering Conference
Period: 12/09/16 → …

Fingerprint

Public administration
Requirements engineering
Health
Specifications

Cite this

Gharib, M., Salnitri, M., Paja, E., Giorgini, P., Mouratidis, H., Pavlidis, M., ... Della Siria, A. (2016). Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform. 0-0. International Requirements Engineering Conference, .