Time: Tuesday 12.09.2017, 14.15–15.00

Room: C121

Speaker: Pedro Barbosa, joint work with Andrey Brito and Hyggo Almeida.

Title: Privacy by Evidence: A Software Development Methodology to Provide Privacy Assurance

Abstract:

In an increasingly connected world, a diversity of software and sensors collect data from the environment and its inhabitants. Because of the richness of the information, privacy becomes a requirement. Applications are developed, and, although there are principles regarding privacy, there is a lack of methodologies to guide the integration of privacy guidelines into the development process. Unfortunately, existing methodologies like the Privacy by Design (PbD) are still vague and leave many open questions on how to apply them. We propose the concept of Privacy by Evidence (PbE), a software development methodology to provide privacy assurance. Given the difficulty in providing total privacy, we propose to document the mitigations in form of evidences of privacy, aiming to increase the confidence of the project. To validate its effectiveness, PbE has been used during the development of three applications (case studies). The first case study is a smart metering application; the second considers a people counting and monitoring application; and the third considers an energy efficiency monitoring system. For these applications, the teams were able to provide at least five evidences of privacy each, and we conclude that PbE can be effective in helping to develop privacy-friendly applications.