Analyzing Website privacy requirements using a privacy goal taxonomy

Antón, Annie I.; Earp, Julia B.; Reese, A.

doi:10.1109/icre.2002.1048502

Cited by 68 publications

(64 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This will be explained in further detail below. The privacy policy interpretation and specification troubles are illustrated in a survey article that provides a taxonomy of 'privacy-supporting' and 'privacy-consuming' privacy clauses from real policies [1]. The survey clearly shows that most privacy policies on web pages are carefully drafted to lure the consumers into accepting privacyconsuming clauses.…”

Section: Inadequacy Of Specifying Privacy Policiesmentioning

confidence: 99%

Privacy Policy Referencing

Jøsang

Fritsch

Mahler

2010

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

Abstract. Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity or openness to 3rd party access. Currently, servers are connected to the Internet, where large amounts of personal information are continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.

show abstract

Section: Inadequacy Of Specifying Privacy Policiesmentioning

confidence: 99%

Privacy Policy Referencing

Jøsang

Fritsch

Mahler

2010

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

show abstract

“…Studies following a structured approach to privacy policy analysis led to the development of specific analysis techniques based on goal-oriented requirements engineering practices [1,2,3,4]. These conceptual methods and tools, which are based on goalmining, turned out to be particularly effective for examining website privacy policies.…”

Section: Related Workmentioning

confidence: 99%

“I Need It Now”: Improving Website Usability by Contextualizing Privacy Policies

Bolchini

Antón

et al. 2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Internet privacy policies are complex and difficult to use. In the eyes of end-users, website policies appear to be monolithic blocks of poorly structured texts that are difficult to parse when attempting to retrieve specific information. In an increasingly privacy-aware society, end-users must be able to easily access privacy policies while navigating a website's pages and readily understand the relevant parts of the policy. We propose a structured methodology to improve web design and increase user's privacy awareness. This systematic approach allows policy makers to effectively and efficiently reshape their current policies by structuring policies according to the subject that is relevant to specific user interaction contexts, making them more usercentered and user-friendly. The methodology is built upon prior work in privacy policy analysis and navigation context design.

show abstract

“…The predicate requests(a, s) holds if actor a wants service s fulfilled, while provides(a, s) holds if actor a has the capability to fulfill service s. The predicate delegate(exec, a, b, s) holds if actor a delegates 6 Other predicates are used to define properties that will be used during formal analysis. The predicates delegateChain (exec, a, b, s) and trustChain(exec, a, b, s) hold if there is a delegation and a trust chain respectively, between actor a and actor b.…”

Section: Formal Model For Executionmentioning

confidence: 99%

“…The work by Liu et al [41] uses i*/Tropos for dealing with security and privacy requirements by introducing softgoal 1 , as "Security" or "Privacy", to model these notions, and use dependencies analysis to check if the system is secure. In [5,6], general taxonomies for security and privacy are established. These can serve as a general knowledge repository for a knowledge-based goal refinement process.…”

Section: Security Requirements Engineering: a Surveymentioning

confidence: 99%

Security and Trust Requirements Engineering

Giorgini

Massacci

Zannone

2005

Foundations of Security Analysis and Design III

View full text Add to dashboard Cite

Abstract. Integrating security concerns throughout the whole software development process is one of today's challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve technical problems but also to reason on the organization as a whole. This makes the usage of traditional software engineering methologies difficult or unsatisfactory: most proposals focus on protection aspects of security and explicitly deal with low level protection mechanisms and only an handful of them show the ability of capturing the high-level organizational security requirements, without getting suddenly bogged down into security protocols or cryptography algorithms. In this paper we critically review the state of the art in security requirements engineering and discuss the motivations that led us to propose the Secure Tropos methodology, a formal framework for modelling and analyzing security, that enhances the agent-oriented software development methodology i*/Tropos. We illustrate the Secure Tropos approach, a comprehensive case study, and discuss some later refinements of the Secure Tropos methodology to address some of its shortcomings. Finally, we introduce the ST-Tool, a CASE tool that supports our methodology.

show abstract

Analyzing Website privacy requirements using a privacy goal taxonomy

Cited by 68 publications

References 8 publications

Privacy Policy Referencing

Privacy Policy Referencing

“I Need It Now”: Improving Website Usability by Contextualizing Privacy Policies

Security and Trust Requirements Engineering

Contact Info

Product

Resources

About