Using Privacy Process Patterns for Incorporating Privacy Requirements into the System Design Process

In the online world, every person has to hold a number of different data sets in order to access various e-services and take part in specific economic and social transactions. Such data sets require special consideration since they may convey personal data, sensitive personal data, employee data, credit card data, etc. Recent surveys have shown that people feel that their privacy is at risk from identity theft and erosion of individual rights. As a result, privacy violation is becoming an increasingly critical issue in modern societies. To this end, PriS, a new security requirements engineering methodology, has been introduced, aiming to incorporate privacy requirements early in the system development process. In this paper, we extend the PriS conceptual framework by introducing privacy process patterns as a way of describing the effect of privacy requirements on business processes. In addition, privacy process patterns facilitate the identification of the system architecture that best supports the privacy-related business processes, thus providing a holistic approach from business goals to 'privacy-compliant' IT systems.
