Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws
Main author: | |
---|---|
Publication date: | 2021 |
Document type: | Thesis |
Language: | eng |
Source title: | Repositório Institucional da UFPE |
dARK ID: | ark:/64986/0013000014tgc |
Full text: | https://repositorio.ufpe.br/handle/123456789/44239 |
Abstract: | Software requirements are mainly specified using natural language, but it brings challenges as it is prone to produce ambiguous specifications. These challenges become bigger when dealing with software requirements that must comply with regulations, the so-called legal requirements. Ambiguous requirements specifications may cause the system not to satisfy the stakeholders’ needs and not comply with the legislation. Existing Requirements Engineering approaches to addressing ambiguity and/or achieving legal compliance are not based on knowledge from empirical studies conducted in the software development industry. This thesis aims to overcome this limitation by providing a set of factors and guidelines that help reduce ambiguity in legal requirements specification and achieve specifications compliant with data protection laws. To achieve this objective, we initially carried out a broad study in the literature to characterize the landscape of legal requirements engineering concerning privacy and security. Then, we analyzed works that developed approaches to deal with ambiguity in the specification of legal requirements. We then investigated how the software development industry tackles the problem through an exploratory study based on semi-structured interviews with twenty-two professionals from public and private companies. Data collected from the interviews were analyzed using grounded theory techniques. We identified factors and outlined a theory explaining the relationships between them and how they reduce ambiguity in the specification of legal requirements and the compliance of such requirements with data privacy laws. To validate these factors, we conducted a self-administered online survey with professionals.
Findings from the studies reveal that discussions among the team, customer, specialized support areas (Legal Sector, Ambiguity Analysis sector, Anonymization Sector), consulting experienced team members with domain knowledge reduce ambiguity and promote legal compliance in requirements specifications. The theory that emerged from the interviews explains a set of factors influencing the work practices used by public and private companies to deal with ambiguity in legal requirements specification and achieve their compliance with regulations. Researchers and practitioners can use these factors and guidelines to leverage the methods and tools they develop or use to support legal requirements specifications. |
id |
UFPE_001bb578565cb881de64ac4a77533101 |
---|---|
oai_identifier_str |
oai:repositorio.ufpe.br:123456789/44239 |
network_acronym_str |
UFPE |
network_name_str |
Repositório Institucional da UFPE |
repository_id_str |
2221 |
dc.title.pt_BR.fl_str_mv |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
author |
SILVA NETTO, Dorgival Pereira da |
author_facet |
SILVA NETTO, Dorgival Pereira da |
author_role |
author |
dc.contributor.authorLattes.pt_BR.fl_str_mv |
http://lattes.cnpq.br/6404552479445485 |
dc.contributor.advisorLattes.pt_BR.fl_str_mv |
http://lattes.cnpq.br/0581226769296441 |
dc.contributor.author.fl_str_mv |
SILVA NETTO, Dorgival Pereira da |
dc.contributor.advisor1.fl_str_mv |
SCHUENEMANN, Carla Taciana Lima Lourenço Silva |
contributor_str_mv |
SCHUENEMANN, Carla Taciana Lima Lourenço Silva |
dc.subject.por.fl_str_mv |
Software engineering; Requirements engineering |
topic |
Software engineering; Requirements engineering |
publishDate |
2021 |
dc.date.issued.fl_str_mv |
2021-10-29 |
dc.date.accessioned.fl_str_mv |
2022-04-28T18:35:44Z |
dc.date.available.fl_str_mv |
2022-04-28T18:35:44Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/doctoralThesis |
format |
doctoralThesis |
status_str |
publishedVersion |
dc.identifier.citation.fl_str_mv |
SILVA NETTO, Dorgival Pereira da. Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws. 2021. Tese (Doutorado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2021. |
dc.identifier.uri.fl_str_mv |
https://repositorio.ufpe.br/handle/123456789/44239 |
dc.identifier.dark.fl_str_mv |
ark:/64986/0013000014tgc |
identifier_str_mv |
SILVA NETTO, Dorgival Pereira da. Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws. 2021. Tese (Doutorado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2021. ark:/64986/0013000014tgc |
url |
https://repositorio.ufpe.br/handle/123456789/44239 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
Attribution-NonCommercial-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nc-nd/3.0/br/ info:eu-repo/semantics/openAccess |
rights_invalid_str_mv |
Attribution-NonCommercial-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nc-nd/3.0/br/ |
eu_rights_str_mv |
openAccess |
dc.publisher.none.fl_str_mv |
Universidade Federal de Pernambuco |
dc.publisher.program.fl_str_mv |
Programa de Pos Graduacao em Ciencia da Computacao |
dc.publisher.initials.fl_str_mv |
UFPE |
dc.publisher.country.fl_str_mv |
Brazil |
publisher.none.fl_str_mv |
Universidade Federal de Pernambuco |
dc.source.none.fl_str_mv |
reponame:Repositório Institucional da UFPE instname:Universidade Federal de Pernambuco (UFPE) instacron:UFPE |
instname_str |
Universidade Federal de Pernambuco (UFPE) |
instacron_str |
UFPE |
institution |
UFPE |
reponame_str |
Repositório Institucional da UFPE |
collection |
Repositório Institucional da UFPE |
bitstream.url.fl_str_mv |
https://repositorio.ufpe.br/bitstream/123456789/44239/1/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf https://repositorio.ufpe.br/bitstream/123456789/44239/2/license_rdf https://repositorio.ufpe.br/bitstream/123456789/44239/3/license.txt https://repositorio.ufpe.br/bitstream/123456789/44239/4/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf.txt https://repositorio.ufpe.br/bitstream/123456789/44239/5/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf.jpg |
bitstream.checksum.fl_str_mv |
e95911cd65301dd3cabbc1036c64a691 e39d27027a6cc9cb039ad269a5db8e34 6928b9260b07fb2755249a5ca9903395 e4d3499e21903ac66ddc55dc76a3da67 1401108c9037fa9ea76d1c52c05a220e |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 MD5 |
repository.name.fl_str_mv |
Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE) |
repository.mail.fl_str_mv |
attena@ufpe.br |
_version_ |
1814448441868156928 |