2013 6th International Workshop on Requirements Engineering and Law (RELAW) (2012)
Chicago, IL, USA
Sept. 25, 2012 to Sept. 25, 2012
ISBN: 978-1-4673-4380-0
pp: 52-61
Jessica Young Schmidt, North Carolina State University, Department of Computer Science, Raleigh, USA
Annie I. Anton, North Carolina State University, Department of Computer Science, Raleigh, USA
Julia B. Earp, North Carolina State University, Department of Business Management, Raleigh, USA
ABSTRACT
In the United States, organizations can be held liable by the Federal Trade Commission for the statements they make in their privacy policies. Thus, organizations must include their privacy policies as a source of requirements in order to build systems that are policy-compliant. In this paper, we describe an empirical user study in which we measure the ability of requirements engineers to effectively extract compliance requirements from a privacy policy using one of three analysis approaches—CPR (commitment, privilege, and right) analysis, goal-based analysis, and non-method-assisted (control) analysis. The results of these three approaches were then compared to an expert-produced set of expected compliance requirements. The requirements extracted by the CPR subjects reflected a higher percentage of requirements that were expected compliance requirements as well as a higher percentage of the total expected compliance requirements. In contrast, the goal-based and control subjects produced a higher number of synthesized requirements, or requirements not directly derived from the policy, than the CPR subjects. This larger number of synthesized requirements may be attributed to the fact that these two subject groups employed more inquiry-driven approaches than the CPR subjects, who relied primarily on focused and direct extraction of compliance requirements.
CITATION
Jessica Young Schmidt, Annie I. Anton, Julia B. Earp, "Assessing identification of compliance requirements from privacy policies", 2013 6th International Workshop on Requirements Engineering and Law (RELAW), vol. 00, no. , pp. 52-61, 2012, doi:10.1109/RELAW.2012.6347806