Toward a Holistic Privacy Requirements Engineering Process: Insights from a Systematic Literature Review

Guntur Budi Herwanto*, Fajar J. Ekaputra, Gerald Quirchmayr, A. Min Tjoa

*Corresponding author for this work

Publication: Scientific journalJournal articlepeer-review

Abstract

Privacy requirements engineering is a crucial aspect of privacy engineering. It aims to integrate privacy principles into organizational and technical processes throughout the software development lifecycle. This specialized field involves various strategies, including compliance with regulatory frameworks, asset analysis, and system diagram development for threat modeling. The wide range of approaches, while beneficial in providing different perspectives, presents a significant challenge to the novice privacy engineer or developer in identifying the most effective methodologies. The lack of a single methodology highlights the need for a systematic literature review (SLR) to establish a standardized process for privacy requirements engineering that promotes consistency across different methodologies. To address this issue, we conducted a comprehensive SLR to synthesize existing privacy requirements engineering methodologies. Our analysis involved dissecting each method's processes, tasks, techniques, work products, and resources. Our review examined 40 privacy requirements engineering methodologies detailed in 50 papers, from which we extracted five key processes commonly followed in privacy requirements engineering research. We used this as the foundation for a holistic approach to facilitate the adoption of a comprehensive privacy requirements engineering process. The review also identifies ongoing challenges and suggests future directions in this field.

Original languageEnglish
Pages (from-to)47518-47542
Number of pages25
JournalIEEE Access
Volume12
DOIs
Publication statusPublished - 2024

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • privacy by design
  • privacy design engineering
  • privacy engineering
  • Privacy requirements engineering

Cite this