Computer-Aided Privacy Requirements Elicitation Technique

The legislative penalties and economic penalties for privacy violations are more serious for a service provider these days. In spite of demonstrating that it is willing and able to protect the privacy of information, a service provider developing a privacy-compliant system faces two challenges; technical complexities and legal complexities. In this paper, we propose a computer-aided Privacy Requirements Elicitation Technique (PRET) that helps software developers elicit privacy requirements more efficiently in the early stages of software development. The goal of the PRET tool is to accelerate the elicitation process and prevent privacy requirements leaks by using a general privacy requirements database derived from privacy laws and empirical privacy requirements. We also show the results of integrating the PRET tool with the Security Quality Requirements Engineering (SQUARE) methodology and provide evidence of the efficacy of the resultant tool.