A Methodology for Eliciting Data Privacy Requirements and Resolving Conflicts
Asmita Manna1, Anirban Sengupta2, Chandan Mazumdar3
1Asmita Manna*, Department of Computer Science and Engineering, Jadavpur University, Kolkata, India.
2Anirban Sengupta, Centre for Distributed Computing, Jadavpur University, Kolkata, India.
3Chandan Mazumdar, Department of Computer Science and Engineering, Jadavpur University, Kolkata, India.
Manuscript received on November 12, 2019. | Revised Manuscript received on November 23, 2019. | Manuscript published on 30 November, 2019. | PP: 8366-8374 | Volume-8 Issue-4, November 2019. | Retrieval Number: D9049118419/2019©BEIESP | DOI: 10.35940/ijrte.D9049.118419
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Privacy is one of the major concerns of data protection where personal data of individuals are used by enterprises for providing services. To ensure the rights of citizens, different legal authorities, including European Union, have made it mandatory for enterprises to implement certain privacy principles. An enterprise may also have its own set of privacy principles that help provide customized privacy experience to its customers, with the motive of retaining its customer base and weaning away customers from its competitors. To ensure privacy compliance with legal policies, enterprise privacy principles and expectations of customers, the system design should consider the privacy requirements emanating from all these sources. However, the requirements are often expressed in natural languages, which are difficult to interpret for system designers. In this paper, a logic-based methodology is proposed to formally express privacy requirements emanating from all three different sources. The methodology also includes an algorithm to identify and resolve conflicts among elicited privacy requirements. The proposed approach can be considered as the first step towards ensuring privacy compliance. This would help an enterprise to identify conflicting privacy requirements, resolve conflicts as per pre-defined rules and identify implementable privacy principles to enable the management of privacy compliance.
Keywords: Privacy Policy, Privacy Requirements, Privacy Requirement Engineering, Conflict Resolution of Policies.
Scope of the Article: Requirements Engineering.