Short paper: Integrating the data protection impact assessment into the software development lifecycle

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Downloads (Pure)

Abstract

Recent years have seen many privacy violations that have cost both the users of software systems and the businesses that run them in a variety of ways. One potential cause of these violations may be the ad hoc nature of the implementation of privacy measures within software systems, which may stem from the poor representation of privacy within many Software Development LifeCycle (SDLC) processes. We propose to give privacy a higher priority within the SDLC through the creation of a confederated Privacy-Aware SDLC (PASDLC) which incorporates the Data Protection Impact Assessment (DPIA) lifecycle. The PASDLC brings stakeholders of the software system closer together through the implementation of multiple interception points, whilst prompting the stakeholders to consider privacy within the software system. We consider many challenges to the creation of the PASDLC, including potential communication issues from confederating the processes of a SDLC and the effective measurement of privacy as an attribute of a software system.
Original languageEnglish
Title of host publicationData Privacy Management, Cryptocurrencies and Blockchain Technology
Subtitle of host publicationESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers
EditorsJoaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Jordi Herrera-Joancomarti
Place of PublicationCham
PublisherSpringer
Pages219-228
ISBN (Electronic)9783030661724
ISBN (Print)9783030661717
DOIs
Publication statusPublished - 2020

Publication series

NameLecture Notes in Computer Science (including subseries Security and Cryptology)
Volume12484 LNCS
ISSN (Print)0302-9743

Keywords

  • Privacy
  • Software architecture
  • Software engineering lifecycle
  • Data protection impact assessment

Fingerprint

Dive into the research topics of 'Short paper: Integrating the data protection impact assessment into the software development lifecycle'. Together they form a unique fingerprint.

Cite this