Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector

Miguel Ehecatl Morales-Trujillo, Gabriel Alberto Garcia-Mireles

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Privacy related elements have become an essential part of any information system. Previous studies reveal a scarcity of research on privacy in software processes, few engineering practices and a lack of methodological support to address privacy requirements in software systems. Introducing Privacy-by-Design (PbD) into software developments is an advantageous solution to tackle privacy related concerns. This paper presents an integration of PbD goals into the ISO/IEC 29110 Basic profile for small software development organizations. The most frequently encountered privacy goals as well as privacy addressing practices from previous methodological proposals were taken into account and included in the form of tasks, work products and roles. As a practical example, we describe a real life project development of a health care system that motivated the creation of the ISO/IEC 29110 PbD extension.

Original languageEnglish
Title of host publicationProceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages56-64
Number of pages9
ISBN (Electronic)9781538658413
DOIs
StatePublished - 26 Dec 2018
Event11th International Conference on the Quality of Information and Communications Technology, QUATIC 2018 - Coimbra, Portugal
Duration: 4 Sep 20187 Sep 2018

Publication series

NameProceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018

Conference

Conference11th International Conference on the Quality of Information and Communications Technology, QUATIC 2018
CountryPortugal
CityCoimbra
Period4/09/187/09/18

Keywords

  • GDPR
  • Privacy by design
  • Software development
  • Software engineering
  • Very small entity

Fingerprint Dive into the research topics of 'Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector'. Together they form a unique fingerprint.

  • Cite this

    Morales-Trujillo, M. E., & Garcia-Mireles, G. A. (2018). Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector. In Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018 (pp. 56-64). [8590171] (Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/QUATIC.2018.00018