Extending ISO/IEC 29110 basic profile with privacy-by-design approach

A case study in the health care sector

Miguel Ehecatl Morales-Trujillo, Gabriel Alberto Garcia-Mireles

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Privacy related elements have become an essential part of any information system. Previous studies reveal a scarcity of research on privacy in software processes, few engineering practices and a lack of methodological support to address privacy requirements in software systems. Introducing Privacy-by-Design (PbD) into software developments is an advantageous solution to tackle privacy related concerns. This paper presents an integration of PbD goals into the ISO/IEC 29110 Basic profile for small software development organizations. The most frequently encountered privacy goals as well as privacy addressing practices from previous methodological proposals were taken into account and included in the form of tasks, work products and roles. As a practical example, we describe a real life project development of a health care system that motivated the creation of the ISO/IEC 29110 PbD extension.

Original languageEnglish
Title of host publicationProceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages56-64
Number of pages9
ISBN (Electronic)9781538658413
DOIs
StatePublished - 26 Dec 2018
Event11th International Conference on the Quality of Information and Communications Technology, QUATIC 2018 - Coimbra, Portugal
Duration: 4 Sep 20187 Sep 2018

Publication series

NameProceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018

Conference

Conference11th International Conference on the Quality of Information and Communications Technology, QUATIC 2018
CountryPortugal
CityCoimbra
Period4/09/187/09/18

Fingerprint

Health care
Software engineering
Information systems
Privacy
Healthcare

Keywords

  • GDPR
  • Privacy by design
  • Software development
  • Software engineering
  • Very small entity

Cite this

Morales-Trujillo, M. E., & Garcia-Mireles, G. A. (2018). Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector. In Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018 (pp. 56-64). [8590171] (Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/QUATIC.2018.00018
Morales-Trujillo, Miguel Ehecatl ; Garcia-Mireles, Gabriel Alberto. / Extending ISO/IEC 29110 basic profile with privacy-by-design approach : A case study in the health care sector. Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 56-64 (Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018).
@inproceedings{b0f22d9542e54a21b85eaef9d9cbd83b,
title = "Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector",
abstract = "Privacy related elements have become an essential part of any information system. Previous studies reveal a scarcity of research on privacy in software processes, few engineering practices and a lack of methodological support to address privacy requirements in software systems. Introducing Privacy-by-Design (PbD) into software developments is an advantageous solution to tackle privacy related concerns. This paper presents an integration of PbD goals into the ISO/IEC 29110 Basic profile for small software development organizations. The most frequently encountered privacy goals as well as privacy addressing practices from previous methodological proposals were taken into account and included in the form of tasks, work products and roles. As a practical example, we describe a real life project development of a health care system that motivated the creation of the ISO/IEC 29110 PbD extension.",
keywords = "GDPR, Privacy by design, Software development, Software engineering, Very small entity",
author = "Morales-Trujillo, {Miguel Ehecatl} and Garcia-Mireles, {Gabriel Alberto}",
year = "2018",
month = "12",
day = "26",
doi = "10.1109/QUATIC.2018.00018",
language = "Ingl{\'e}s",
series = "Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "56--64",
booktitle = "Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018",
address = "Estados Unidos",

}

Morales-Trujillo, ME & Garcia-Mireles, GA 2018, Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector. in Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018., 8590171, Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018, Institute of Electrical and Electronics Engineers Inc., pp. 56-64, 11th International Conference on the Quality of Information and Communications Technology, QUATIC 2018, Coimbra, Portugal, 4/09/18. https://doi.org/10.1109/QUATIC.2018.00018

Extending ISO/IEC 29110 basic profile with privacy-by-design approach : A case study in the health care sector. / Morales-Trujillo, Miguel Ehecatl; Garcia-Mireles, Gabriel Alberto.

Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 56-64 8590171 (Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

TY - GEN

T1 - Extending ISO/IEC 29110 basic profile with privacy-by-design approach

T2 - A case study in the health care sector

AU - Morales-Trujillo, Miguel Ehecatl

AU - Garcia-Mireles, Gabriel Alberto

PY - 2018/12/26

Y1 - 2018/12/26

N2 - Privacy related elements have become an essential part of any information system. Previous studies reveal a scarcity of research on privacy in software processes, few engineering practices and a lack of methodological support to address privacy requirements in software systems. Introducing Privacy-by-Design (PbD) into software developments is an advantageous solution to tackle privacy related concerns. This paper presents an integration of PbD goals into the ISO/IEC 29110 Basic profile for small software development organizations. The most frequently encountered privacy goals as well as privacy addressing practices from previous methodological proposals were taken into account and included in the form of tasks, work products and roles. As a practical example, we describe a real life project development of a health care system that motivated the creation of the ISO/IEC 29110 PbD extension.

AB - Privacy related elements have become an essential part of any information system. Previous studies reveal a scarcity of research on privacy in software processes, few engineering practices and a lack of methodological support to address privacy requirements in software systems. Introducing Privacy-by-Design (PbD) into software developments is an advantageous solution to tackle privacy related concerns. This paper presents an integration of PbD goals into the ISO/IEC 29110 Basic profile for small software development organizations. The most frequently encountered privacy goals as well as privacy addressing practices from previous methodological proposals were taken into account and included in the form of tasks, work products and roles. As a practical example, we describe a real life project development of a health care system that motivated the creation of the ISO/IEC 29110 PbD extension.

KW - GDPR

KW - Privacy by design

KW - Software development

KW - Software engineering

KW - Very small entity

UR - http://www.scopus.com/inward/record.url?scp=85061317832&partnerID=8YFLogxK

U2 - 10.1109/QUATIC.2018.00018

DO - 10.1109/QUATIC.2018.00018

M3 - Contribución a la conferencia

T3 - Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018

SP - 56

EP - 64

BT - Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Morales-Trujillo ME, Garcia-Mireles GA. Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector. In Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 56-64. 8590171. (Proceedings - 2018 International Conference on the Quality of Information and Communications Technology, QUATIC 2018). https://doi.org/10.1109/QUATIC.2018.00018