Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation

The Brazilian General Data Protection Law (LGPD) implementation has impacted activities carried out by the software development teams. Due to it, developers had to become aware of the existing techniques and tools to carry out privacy requirements elicitation. Extending our previous work, we have in...

Descripción completa

Detalles Bibliográficos
Autores principales: Canedo, Edna Dias, Calazans, Angelica Toffano Seidel, Bandeira, Ian Nery, Costa, Pedro Henrique Teixeira, Masson, Eloisa Toffano Seidel
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Springer London 2022
Materias:
Original Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9638239/
https://www.ncbi.nlm.nih.gov/pubmed/36373010
http://dx.doi.org/10.1007/s00766-022-00391-7
_version_ 1784825365751922688
author Canedo, Edna Dias
Calazans, Angelica Toffano Seidel
Bandeira, Ian Nery
Costa, Pedro Henrique Teixeira
Masson, Eloisa Toffano Seidel
author_facet Canedo, Edna Dias
Calazans, Angelica Toffano Seidel
Bandeira, Ian Nery
Costa, Pedro Henrique Teixeira
Masson, Eloisa Toffano Seidel
author_sort Canedo, Edna Dias
collection PubMed
description The Brazilian General Data Protection Law (LGPD) implementation has impacted activities carried out by the software development teams. Due to it, developers had to become aware of the existing techniques and tools to carry out privacy requirements elicitation. Extending our previous work, we have investigated the actions taken by organizations regarding the LGPD, specifically in software development, considering the perception of agile development teams after two years of the LGPD implementation. In addition, we also investigated the perception of an agile team regarding the practices, techniques, and tools previously cited by practitioners as potential solutions for use in this context, along with techniques already in use in the current context. We have conducted a systematic literature review (SLR) and selected 36 primary studies. Furthermore, we have conducted a survey with 53 IT practitioners and semi-structured interviews with ten practitioners. The LGPD principles are known by most agile teams and are being implemented by the organizations, although the existing tools to support privacy requirements elicitation are still underused by agile teams. Moreover, agile teams consider that software requirements and software construction are the most impacted areas of knowledge by the LGPD, and most of them use user stories in privacy requirements elicitation. Our findings reveal that agile teams and Brazilian organizations are more concerned with user data privacy issues after the LGPD became effective. However, agile teams still face challenges in privacy requirements elicitation.
format Online
Article
Text
id pubmed-9638239
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Springer London
record_format MEDLINE/PubMed
spelling pubmed-96382392022-11-07 Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation Canedo, Edna Dias Calazans, Angelica Toffano Seidel Bandeira, Ian Nery Costa, Pedro Henrique Teixeira Masson, Eloisa Toffano Seidel Requir Eng Original Article The Brazilian General Data Protection Law (LGPD) implementation has impacted activities carried out by the software development teams. Due to it, developers had to become aware of the existing techniques and tools to carry out privacy requirements elicitation. Extending our previous work, we have investigated the actions taken by organizations regarding the LGPD, specifically in software development, considering the perception of agile development teams after two years of the LGPD implementation. In addition, we also investigated the perception of an agile team regarding the practices, techniques, and tools previously cited by practitioners as potential solutions for use in this context, along with techniques already in use in the current context. We have conducted a systematic literature review (SLR) and selected 36 primary studies. Furthermore, we have conducted a survey with 53 IT practitioners and semi-structured interviews with ten practitioners. The LGPD principles are known by most agile teams and are being implemented by the organizations, although the existing tools to support privacy requirements elicitation are still underused by agile teams. Moreover, agile teams consider that software requirements and software construction are the most impacted areas of knowledge by the LGPD, and most of them use user stories in privacy requirements elicitation. Our findings reveal that agile teams and Brazilian organizations are more concerned with user data privacy issues after the LGPD became effective. However, agile teams still face challenges in privacy requirements elicitation. Springer London 2022-11-04 2022 /pmc/articles/PMC9638239/ /pubmed/36373010 http://dx.doi.org/10.1007/s00766-022-00391-7 Text en © The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature 2022, Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law. This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic.
spellingShingle Original Article
Canedo, Edna Dias
Calazans, Angelica Toffano Seidel
Bandeira, Ian Nery
Costa, Pedro Henrique Teixeira
Masson, Eloisa Toffano Seidel
Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation
title Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation
title_full Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation
title_fullStr Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation
title_full_unstemmed Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation
title_short Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation
title_sort guidelines adopted by agile teams in privacy requirements elicitation after the brazilian general data protection law (lgpd) implementation
topic Original Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9638239/
https://www.ncbi.nlm.nih.gov/pubmed/36373010
http://dx.doi.org/10.1007/s00766-022-00391-7
work_keys_str_mv AT canedoednadias guidelinesadoptedbyagileteamsinprivacyrequirementselicitationafterthebraziliangeneraldataprotectionlawlgpdimplementation
AT calazansangelicatoffanoseidel guidelinesadoptedbyagileteamsinprivacyrequirementselicitationafterthebraziliangeneraldataprotectionlawlgpdimplementation
AT bandeiraiannery guidelinesadoptedbyagileteamsinprivacyrequirementselicitationafterthebraziliangeneraldataprotectionlawlgpdimplementation
AT costapedrohenriqueteixeira guidelinesadoptedbyagileteamsinprivacyrequirementselicitationafterthebraziliangeneraldataprotectionlawlgpdimplementation
AT massoneloisatoffanoseidel guidelinesadoptedbyagileteamsinprivacyrequirementselicitationafterthebraziliangeneraldataprotectionlawlgpdimplementation

Ejemplares similares