|
| This Article | ||
| ||
| Share | ||
| Bibliographic References | ||
| Add to: | ||
 Digg  Furl  Spurl  Blink  Simpy  Google  Del.icio.us  Y!MyWeb | ||
| Search | ||
| ||
2012 20th IEEE International Requirements Engineering Conference (RE)
Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking
Chicago, IL, USA USA
September 24-September 28
ISBN: 978-1-4673-2783-1
| ASCII Text | x | ||
| David G. Gordon, Travis D. Breaux, "Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking," 2012 20th IEEE International Requirements Engineering Conference (RE), pp. 91-100, 2012 20th IEEE International Requirements Engineering Conference (RE), 2012. | |||
| BibTex | x | ||
| @article{ 10.1109/RE.2012.6345843, author = {David G. Gordon and Travis D. Breaux}, title = {Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking}, journal ={2012 20th IEEE International Requirements Engineering Conference (RE)}, volume = {0}, year = {2012}, issn = {1090-750X}, pages = {91-100}, doi = {http://doi.ieeecomputersociety.org/10.1109/RE.2012.6345843}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, } | |||
| RefWorks Procite/RefMan/Endnote | x | ||
| TY - CONF JO - 2012 20th IEEE International Requirements Engineering Conference (RE) TI - Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking SN - 1090-750X SP91 EP100 A1 - David G. Gordon, A1 - Travis D. Breaux, PY - 2012 KW - conflicts KW - legal requirements KW - requirements comparison KW - requirements reconciliation VL - 0 JA - 2012 20th IEEE International Requirements Engineering Conference (RE) ER - | |||
Companies that own, license, or maintain personal information face a daunting number of privacy and security regulations. Companies are subject to new regulations from one or more governing bodies, when companies introduce new or existing products into a jurisdiction, when regulations change, or when data is transferred across political borders. To address this problem, we developed a framework called “requirements water marking” that business analysts can use to align and reconcile requirements from multiple jurisdictions (municipalities, provinces, nations) to produce a single high or low standard of care. We evaluate the framework in an empirical case study conducted over a subset of U.S. data breach notification laws that require companies to secure their data and notify consumers in the event of data loss or theft. In this study, applying our framework reduced the number of requirements a company must comply with by 76% across 8 jurisdictions. We show how the framework surfaces critical requirements trade-offs and potential regulatory conflicts that companies must address during the reconciliation process. We summarize our results, including surveys of information technology law experts to contextualize our empirical results in legal practice.
Index Terms:
conflicts,legal requirements,requirements comparison,requirements reconciliation
Citation:
David G. Gordon, Travis D. Breaux, "Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking," re, pp.91-100, 2012 20th IEEE International Requirements Engineering Conference (RE), 2012
Usage of this product signifies your acceptance of the Terms of Use.