Short paper: Integrating the data protection impact assessment into the software development lifecycle

Christopher Irvine; Dharini Balasubramaniam; Tristan Henderson

doi:10.1007/978-3-030-66172-4_13

Short paper: Integrating the data protection impact assessment into the software development lifecycle

Christopher Irvine, Dharini Balasubramaniam, Tristan Henderson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent years have seen many privacy violations that have cost both the users of software systems and the businesses that run them in a variety of ways. One potential cause of these violations may be the ad hoc nature of the implementation of privacy measures within software systems, which may stem from the poor representation of privacy within many Software Development LifeCycle (SDLC) processes. We propose to give privacy a higher priority within the SDLC through the creation of a confederated Privacy-Aware SDLC (PASDLC) which incorporates the Data Protection Impact Assessment (DPIA) lifecycle. The PASDLC brings stakeholders of the software system closer together through the implementation of multiple interception points, whilst prompting the stakeholders to consider privacy within the software system. We consider many challenges to the creation of the PASDLC, including potential communication issues from confederating the processes of a SDLC and the effective measurement of privacy as an attribute of a software system.

Original language	English
Title of host publication	Data Privacy Management, Cryptocurrencies and Blockchain Technology
Subtitle of host publication	ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers
Editors	Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Jordi Herrera-Joancomarti
Place of Publication	Cham
Publisher	Springer
Pages	219-228
ISBN (Electronic)	9783030661724
ISBN (Print)	9783030661717
DOIs	https://doi.org/10.1007/978-3-030-66172-4_13
Publication status	Published - 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Security and Cryptology)
Volume	12484 LNCS
ISSN (Print)	0302-9743

Keywords

Privacy
Software architecture
Software engineering lifecycle
Data protection impact assessment

Access to Document

10.1007/978-3-030-66172-4_13

Irvine-et-al_Integrating-Privacy_2020_PURE
Copyright © Springer Nature Switzerland AG 2020. This work has been made available online in accordance with publisher policies or with permission. Permission for further reuse of this content should be sought from the publisher or the rights holder. This is the author created accepted manuscript following peer review and may differ slightly from the final published version. The final published version of this work is available at https://doi.org/10.1007/978-3-030-66172-4_13.
Accepted author manuscript, 461 KB

Cite this

Irvine, C., Balasubramaniam, D., & Henderson, T. (2020). Short paper: Integrating the data protection impact assessment into the software development lifecycle. In J. Garcia-Alfaro, G. Navarro-Arribas, & J. Herrera-Joancomarti (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers (pp. 219-228). (Lecture Notes in Computer Science (including subseries Security and Cryptology); Vol. 12484 LNCS). Springer. https://doi.org/10.1007/978-3-030-66172-4_13

Irvine, Christopher ; Balasubramaniam, Dharini ; Henderson, Tristan. / Short paper: Integrating the data protection impact assessment into the software development lifecycle. Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers. editor / Joaquin Garcia-Alfaro ; Guillermo Navarro-Arribas ; Jordi Herrera-Joancomarti. Cham : Springer, 2020. pp. 219-228 (Lecture Notes in Computer Science (including subseries Security and Cryptology)).

@inproceedings{9bac5a805aaf4626a25fdc955c288dde,

title = "Short paper: Integrating the data protection impact assessment into the software development lifecycle",

abstract = "Recent years have seen many privacy violations that have cost both the users of software systems and the businesses that run them in a variety of ways. One potential cause of these violations may be the ad hoc nature of the implementation of privacy measures within software systems, which may stem from the poor representation of privacy within many Software Development LifeCycle (SDLC) processes. We propose to give privacy a higher priority within the SDLC through the creation of a confederated Privacy-Aware SDLC (PASDLC) which incorporates the Data Protection Impact Assessment (DPIA) lifecycle. The PASDLC brings stakeholders of the software system closer together through the implementation of multiple interception points, whilst prompting the stakeholders to consider privacy within the software system. We consider many challenges to the creation of the PASDLC, including potential communication issues from confederating the processes of a SDLC and the effective measurement of privacy as an attribute of a software system.",

keywords = "Privacy, Software architecture, Software engineering lifecycle, Data protection impact assessment",

author = "Christopher Irvine and Dharini Balasubramaniam and Tristan Henderson",

year = "2020",

doi = "10.1007/978-3-030-66172-4_13",

language = "English",

isbn = "9783030661717",

series = "Lecture Notes in Computer Science (including subseries Security and Cryptology)",

publisher = "Springer",

pages = "219--228",

editor = "Joaquin Garcia-Alfaro and Guillermo Navarro-Arribas and Jordi Herrera-Joancomarti",

booktitle = "Data Privacy Management, Cryptocurrencies and Blockchain Technology",

address = "Netherlands",

}

Irvine, C, Balasubramaniam, D & Henderson, T 2020, Short paper: Integrating the data protection impact assessment into the software development lifecycle. in J Garcia-Alfaro, G Navarro-Arribas & J Herrera-Joancomarti (eds), Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Security and Cryptology), vol. 12484 LNCS, Springer, Cham, pp. 219-228. https://doi.org/10.1007/978-3-030-66172-4_13

Short paper: Integrating the data protection impact assessment into the software development lifecycle. / Irvine, Christopher; Balasubramaniam, Dharini ; Henderson, Tristan.
Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers. ed. / Joaquin Garcia-Alfaro; Guillermo Navarro-Arribas; Jordi Herrera-Joancomarti. Cham: Springer, 2020. p. 219-228 (Lecture Notes in Computer Science (including subseries Security and Cryptology); Vol. 12484 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Short paper: Integrating the data protection impact assessment into the software development lifecycle

AU - Irvine, Christopher

AU - Balasubramaniam, Dharini

AU - Henderson, Tristan

PY - 2020

Y1 - 2020

N2 - Recent years have seen many privacy violations that have cost both the users of software systems and the businesses that run them in a variety of ways. One potential cause of these violations may be the ad hoc nature of the implementation of privacy measures within software systems, which may stem from the poor representation of privacy within many Software Development LifeCycle (SDLC) processes. We propose to give privacy a higher priority within the SDLC through the creation of a confederated Privacy-Aware SDLC (PASDLC) which incorporates the Data Protection Impact Assessment (DPIA) lifecycle. The PASDLC brings stakeholders of the software system closer together through the implementation of multiple interception points, whilst prompting the stakeholders to consider privacy within the software system. We consider many challenges to the creation of the PASDLC, including potential communication issues from confederating the processes of a SDLC and the effective measurement of privacy as an attribute of a software system.

AB - Recent years have seen many privacy violations that have cost both the users of software systems and the businesses that run them in a variety of ways. One potential cause of these violations may be the ad hoc nature of the implementation of privacy measures within software systems, which may stem from the poor representation of privacy within many Software Development LifeCycle (SDLC) processes. We propose to give privacy a higher priority within the SDLC through the creation of a confederated Privacy-Aware SDLC (PASDLC) which incorporates the Data Protection Impact Assessment (DPIA) lifecycle. The PASDLC brings stakeholders of the software system closer together through the implementation of multiple interception points, whilst prompting the stakeholders to consider privacy within the software system. We consider many challenges to the creation of the PASDLC, including potential communication issues from confederating the processes of a SDLC and the effective measurement of privacy as an attribute of a software system.

KW - Privacy

KW - Software architecture

KW - Software engineering lifecycle

KW - Data protection impact assessment

UR - https://deic-web.uab.cat/conferences/dpm/dpm2020/

U2 - 10.1007/978-3-030-66172-4_13

DO - 10.1007/978-3-030-66172-4_13

M3 - Conference contribution

SN - 9783030661717

T3 - Lecture Notes in Computer Science (including subseries Security and Cryptology)

SP - 219

EP - 228

BT - Data Privacy Management, Cryptocurrencies and Blockchain Technology

A2 - Garcia-Alfaro, Joaquin

A2 - Navarro-Arribas, Guillermo

A2 - Herrera-Joancomarti, Jordi

PB - Springer

CY - Cham

ER -

Irvine C, Balasubramaniam D , Henderson T. Short paper: Integrating the data protection impact assessment into the software development lifecycle. In Garcia-Alfaro J, Navarro-Arribas G, Herrera-Joancomarti J, editors, Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers. Cham: Springer. 2020. p. 219-228. (Lecture Notes in Computer Science (including subseries Security and Cryptology)). Epub 2020 Dec 29. doi: 10.1007/978-3-030-66172-4_13

Short paper: Integrating the data protection impact assessment into the software development lifecycle

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Cite this