Assessing regulatory change through legal requirements coverage modeling

Developing global markets offer companies new opportunities to manufacture and sell information technology (IT) products in ways unforeseen by current laws and regulations. This innovation leads to changing requirements due to changes in product features, laws, or the locality where the product is sold or manufactured. To help developers rationalize these changes, we introduce a preliminary framework and method that can be used by requirements engineers and their legal teams to identify relevant legal requirements and trace changes in requirements coverage. The framework includes a method to translate IT regulations into a legal requirements coverage model used to make coverage assertions about existing or planned IT systems. We evaluated the framework in a case study using three IT laws: California's Confidentiality of Medical Records Act, the U.S. Health Information Portability and Accountability Act (HIPAA) and amendments from the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the India 2011 Information Technology Rules. Further, we demonstrate the framework using three scenarios: new product features are proposed; product-related services are outsourced abroad; and regulations change to address changes in the market.
