Authors :
Conrad D. Dela Cruz
Volume/Issue :
Volume 9 - 2024, Issue 8 - August
Google Scholar :
https://tinyurl.com/5cztj4fm
Scribd :
https://tinyurl.com/5eauvbhh
DOI :
https://doi.org/10.38124/ijisrt/IJISRT24AUG877
Abstract :
The study investigated the implementation of
privacy engineering in software development at the
National Privacy Commission (NPC) with a specific focus
on the Data Breach Notification Management System
(DBNMS). Objectives include identifying the factors that
contribute to the success or failure of privacy engineering
in the NPC's software development context, to provide
valuable insights into the integration of privacy measures.
This includes the development of actionable guidance for
the effective integration of privacy and security in
software engineering at the NPC, tailored specifically for
NPC engineers and encompassing methodologies for
incorporating privacy engineering throughout the
software development life cycle. This is to empower NPC
software engineers with practical tools and strategies to
create a secure and privacy-respecting environment.
Qualitative methodology and thematic analysis approach
were utilized to assess the effectiveness of privacy
engineering techniques. To gather insights, semi
structured interviews were conducted with both internal
and external stakeholders composed of software
developers, data protection officers, and other internal
and external users of the DBNMS. Evaluation yielded
positive remarks both from internal and external
participants. Factors that contributed to the success and
failure of privacy engineering techniques in software
development include rapid evolution of technology, lack
of funds, and stakeholder engagement, among others.
Overall, the findings are expected to contribute to the
broader discourse on privacy engineering and have
implications for policymakers, software development
practitioners, and organizations looking to enhance their
privacy practices in the digital age.
Keywords :
Privacy Engineering, Privacy Integration in Software Development.
References :
- Andrade, V. C., Gomes, R. D., Reinehr, S., Freitas, C. O., & Malucelli, A. (2022). Privacy by design and software engineering. Proceedings of the XXI Brazilian Symposium on Software Quality. https://doi.org/10.1145/3571473.3571480
- Ayton, D., Tsindos, T., & Berkovic, D. (2023). Qualitative research: A practical guide for health and social care researchers and practitioners. Council of Australian University Librarians, Open Educational Resources Collective.
- Barnes, J., Conrad, K., Demont-Heinrich, C., Graziano, M., Kowalski, D., Neufeld, J., Zamora, J., & Palmquist, M. (n.d.) (2005). Home. Generalizability and Transferability. https://writing.colostate.edu/ guides/guide.cfm?guideid=65
- Bhandari, P. (2022, December 05). Inductive Reasoning | Types, Examples, Explanation. Scribbr. Retrieved June 19, 2023, from https://www.scribbr.com/methodology/inductive-reasoning/.
- Billups, F. D. (2021). Qualitative data collection tools: Design, development, and applications. SAGE Publications.
- Britton, J. (2021, March 6). What is ISO 25010?. Perforce Software. https://www.perforce.com/blog/ qac/what-is-iso-25010
- Campanile, L., Iacono, M., & Mastroianni, M. (2022). Towards privacy-aware software design in small and Medium Enterprises. 2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/Pi Com/CBDCom/CyberSciTech). https://doi.org/ 10.1109/dasc/picom/cbdcom/cy55231.2022.9927958
- Caulfield, J. (2022, November 25). How to Do Thematic Analysis | Step-by-Step Guide & Examples. Scribbr. Retrieved June 24, 2023, from https://www.scribbr.com/methodology/thematic-analysis/
- Cavoukian, A., Shapiro, S., & Cronk, R. J., Privacy engineering: Proactively embedding privacy, by design (2014). Toronto; Information and Privacy Commissioner, Ontario.
- Cherry, C. (2022, May 20). What Is Naturalistic Observation? November 20, 2023, https://www.verywellmind.com/what-is-naturalistic-observation-2795391
- Dulberg, R. (2021, September 10). An Engineer’s Guide to Privacy by Design. medium. August 20, 2023, https://medium.com/codex/an-engineers-guide-to-privacy-by-design-f487d16dcbbc
- Falconer, S. (2022, January 27). Software Engineering’s Next Great Challenge: Data Privacy. www.Skyflow.com. https://www.skyflow.com/post/ software-engineerings-next-great-challenge-data-privacy
- George, T. (2022). Semi-Structured Interview | Definition, Guide & Examples. Scribbr. https://www.scribbr.com/methodology/semi-structured-interview/
- Ghosh, A. (n.d.). An insider look at real-world examples of cloud hacks. LinkedIn. https://www.linkedin.com/pulse/insider-look-real-world-examples-cloud-hacks-aritra-ghosh
- Irani E. The Use of Videoconferencing for Qualitative Interviewing: Opportunities, Challenges, and Considerations. Clinical Nursing Research. 2019
- King, N., Horrocks, C., & Brooks, J. (2019). 2nd Edition Interviews in Qualitative Research (2nd ed.). Sage.
- Leonhardt, M. (2019, July 23). Equifax to pay $700 million for massive data breach. here’s what you need to know about getting a cut. CNBC. https://www.cnbc.com/2019/07/22/what-you-need-to-know-equifax-data-breach-700-million-settlement. html
- Libguides: Qualitative Study Design: Sampling. Sampling - Qualitative study design - LibGuides at Deakin University. (2023, October 12). https://deakin.libguides.com/qualitative-study-designs/sampling#:~:text=While%20there%20are%20no%20hard,Creswell%20%26%20Creswell%2C%202018).
- Martin, Y.-S., & Kung, A. (2018). Methods and tools for GDPR compliance through privacy and Data Protection Engineering. 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). https://doi.org/10.1109/eurospw. 2018.00021
- Meem, M. I. (2020, June 19). Importance of Epistemology and Ontology in Research Design and Methodology Mahabuba Islam Meem Mahabuba Islam Meem Research Assistant. November 19, 2023, https://www.linkedin.com/pulse/importance-epistemology-ontology-research-design-mahabuba-islam-meem/
- Naidu, N. (2023, April 19). Software Engineering | Agile Software Development. geeksforgeeks. August 20, 2023, https://www.geeksforgeeks.org/software-engineering-agile-software-development/
- National Institute of Standards and Technology, Brooks, S., Garcia, M., Lefkovitz, N., Lightman, S., & Nadeau, E., An Introduction to Privacy Engineering and Risk Management in Federal Systems (2017). National Institute of Standards and Technology. Retrieved August 22, 2023, from https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8062.pdf.
- Nowell, L. S., Norris, J. M., White, D. E., & Moules, N. J. (2017). Thematic Analysis: Striving to Meet the Trustworthiness Criteria. International Journal of Qualitative Methods, 16(1). https://doi.org/10.1177/ 1609406917733847
- Nurgalieva, L., Frik, A., & Doherty, G. (2021). Review of WiP: factors affecting the implementation of privacy and security practices in software development: a narrative review. https://www.leysannurgalieva.com/publications. Retrieved 2023, from https://www.leysannurgalieva.com/publications.
- Nurgalieva, L., Frik, A., & Doherty, G. (2023). A narrative review of factors affecting the implementation of privacy and security practices in software development. ACM Computing Surveys, 55(14s). https://doi.org/10.1145/3589951
- Office, U. S. G. A. (n.d.). Data Protection: Actions taken by Equifax and federal agencies in response to the 2017 breach. Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach | U.S. GAO. https://www.gao.gov/ products/gao-18-559
- Park, C. (2020, March 20). How “Notice and Consent” Fails to Protect Our Privacy. New America. August 20, 2023, https://www.newamerica.org/ oti/blog/how-notice-and-consent-fails-to-protect-our-privacy/
- Politz, D. (2023, August 29). Member check and respondent validation in qualitative research. Delve. https://delvetool.com/blog/member-check-respondent-validation
- Queens University of Charlotte (2022, May 12). A guide to qualitative rigor in research: Queens University Online. Queens University of Charlotte. https://online.queens.edu/resources/article/guide-to-qualitative-rigor-in-research/
- Rebes, P. (2019, August 13). Software Quality Standards—How and Why We Applied ISO 25010. Retrieved August 12, 2023, from https://www.monterail.com/blog/software-qa-standards-iso-25010.
- Rocha, L. D., Caneda, E. D., & Sousa Silva, G. R. (2023). Privacy Compliance in Software Development: A Guide to Implementing the LGPD Principles (thesis). Association for Computing Machinery, New York.
- Sampath, S. (2022, February 11). What is Privacy Engineering and how does it act as an enabler of Digital Innovation? https://www.linkedin.com/pulse/ what-privacy-engineering-how-does-act-enabler-digital-sampath/
- Sangaroonsilp, P., Dam, H. K., & Ghose, A. (2022b). Common privacy weaknesses and vulnerabilities in software applications. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4025928
- Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research projects. Education for Information, 22(2), 63–75. https://doi.org/10.3233/efi-2004-22201
- Spiekermann-Hoff, S. (2012). The Challenges of Privacy by Design. Communications of the ACM (CACM), 55(7), 34 - 37. https://doi.org/10.1145/ 2209249.2209263
- Stahl, N. A., & King, J. R. (2020). Expanding Approaches for Research: Understanding and Using Trustworthiness in Qualitative Research. Journal of Developmental Education, 44(1), 26–28. http://www.jstor.org/stable/45381095
- Stanke, B. (2022, December 18). Feature-Driven Development: The Pros, Cons, and How It Compares to Scrum. bobstanke. August 20, 2023, https://www.bobstanke.com/blog/feature-driven-development
- Tahaei, M., Vaniea, K., & Rashid, A. (2023). Embedding privacy into design through software developers: Challenges and solutions. IEEE Security & Privacy, 21(1). https://doi.org/10.1109/msec. 2022.3204364
- Thomas, F. B. (2022). The Role of Purposive Sampling Technique as a Tool for Informal Choices in a Social Sciences in Research Methods.
- Underwood, T. (2023, April 26). How to Choose a Sample Size in Qualitative Research. Retrieved August 12, 2023, from https://www.linkedin.com/ pulse/how-choose-sample-size-qualitative-research-focusinsite.
- Velimirovic, A. (2022, November 17). What is SDLC? Software Development Life Cycle Defined. PhoenixNap. August 20, 2023, https://phoenixnap.com/blog/software-development-life-cycl
The study investigated the implementation of
privacy engineering in software development at the
National Privacy Commission (NPC) with a specific focus
on the Data Breach Notification Management System
(DBNMS). Objectives include identifying the factors that
contribute to the success or failure of privacy engineering
in the NPC's software development context, to provide
valuable insights into the integration of privacy measures.
This includes the development of actionable guidance for
the effective integration of privacy and security in
software engineering at the NPC, tailored specifically for
NPC engineers and encompassing methodologies for
incorporating privacy engineering throughout the
software development life cycle. This is to empower NPC
software engineers with practical tools and strategies to
create a secure and privacy-respecting environment.
Qualitative methodology and thematic analysis approach
were utilized to assess the effectiveness of privacy
engineering techniques. To gather insights, semi
structured interviews were conducted with both internal
and external stakeholders composed of software
developers, data protection officers, and other internal
and external users of the DBNMS. Evaluation yielded
positive remarks both from internal and external
participants. Factors that contributed to the success and
failure of privacy engineering techniques in software
development include rapid evolution of technology, lack
of funds, and stakeholder engagement, among others.
Overall, the findings are expected to contribute to the
broader discourse on privacy engineering and have
implications for policymakers, software development
practitioners, and organizations looking to enhance their
privacy practices in the digital age.
Keywords :
Privacy Engineering, Privacy Integration in Software Development.