Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2021 |
| Tipo de documento: | Tese |
| Idioma: | eng |
| Título da fonte: | Repositório Institucional da UFPE |
| Texto Completo: | https://repositorio.ufpe.br/handle/123456789/44239 |
Resumo: | Software requirements are mainly specified using natural language, but it brings chal- lenges as it is prone to produce ambiguous specifications. These challenges become bigger when dealing with software requirements that must comply with regulations, the so-called le- gal requirements. Ambiguous requirements specifications may cause the system not to satisfy the stakeholders’ needs and not comply with the legislation. Existing Requirements Engineer- ing approaches to addressing ambiguity and/or achieving legal compliance are not based on knowledge from empirical studies conducted in the software development industry. This thesis aims to overcome this limitation by providing a set of factors and guidelines that help re- duce ambiguity in legal requirements specification and achieve specifications compliant with data protection laws. To achieve this objective, we initially carried out a broad study in the literature to characterize the landscape of legal requirements engineering concerning privacy and security. Then, we analyzed works that developed approaches to deal with ambiguity in the specification of legal requirements. We then investigated how the software development industry tackles the problem through an exploratory study based on semi-structured interviews with twenty-two professionals from public and private companies. Data collected from the interviews were analyzed using grounded theory techniques. We identified factors and out- lined a theory explaining the relationships between them and how they reduce ambiguity in the specification of legal requirements and the compliance of such requirements with data privacy laws. To validate these factors, we conducted a self-administered online survey with professionals. Findings from the studies reveal that discussions among the team, customer, specialized support areas (Legal Sector, Ambiguity Analysis sector, Anonymization Sector), consulting experienced team members with domain knowledge reduce ambiguity and promote legal compliance in requirements specifications. The theory that emerged from the interviews explains a set of factors influencing the work practices used by public and private companies to deal with ambiguity in legal requirements specification and achieve their compliance with regulations. Researchers and practitioners can use these factors and guidelines to leverage the methods and tools they develop or use to support legal requirements specifications. |
| id |
UFPE_001bb578565cb881de64ac4a77533101 |
|---|---|
| oai_identifier_str |
oai:repositorio.ufpe.br:123456789/44239 |
| network_acronym_str |
UFPE |
| network_name_str |
Repositório Institucional da UFPE |
| repository_id_str |
2221 |
| spelling |
SILVA NETTO, Dorgival Pereira dahttp://lattes.cnpq.br/6404552479445485http://lattes.cnpq.br/0581226769296441SCHUENEMANN, Carla Taciana Lima Lourenço Silva2022-04-28T18:35:44Z2022-04-28T18:35:44Z2021-10-29SILVA NETTO, Dorgival Pereira da. Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws. 2021. Tese (Doutorado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2021.https://repositorio.ufpe.br/handle/123456789/44239Software requirements are mainly specified using natural language, but it brings chal- lenges as it is prone to produce ambiguous specifications. These challenges become bigger when dealing with software requirements that must comply with regulations, the so-called le- gal requirements. Ambiguous requirements specifications may cause the system not to satisfy the stakeholders’ needs and not comply with the legislation. Existing Requirements Engineer- ing approaches to addressing ambiguity and/or achieving legal compliance are not based on knowledge from empirical studies conducted in the software development industry. This thesis aims to overcome this limitation by providing a set of factors and guidelines that help re- duce ambiguity in legal requirements specification and achieve specifications compliant with data protection laws. To achieve this objective, we initially carried out a broad study in the literature to characterize the landscape of legal requirements engineering concerning privacy and security. Then, we analyzed works that developed approaches to deal with ambiguity in the specification of legal requirements. We then investigated how the software development industry tackles the problem through an exploratory study based on semi-structured interviews with twenty-two professionals from public and private companies. Data collected from the interviews were analyzed using grounded theory techniques. We identified factors and out- lined a theory explaining the relationships between them and how they reduce ambiguity in the specification of legal requirements and the compliance of such requirements with data privacy laws. To validate these factors, we conducted a self-administered online survey with professionals. Findings from the studies reveal that discussions among the team, customer, specialized support areas (Legal Sector, Ambiguity Analysis sector, Anonymization Sector), consulting experienced team members with domain knowledge reduce ambiguity and promote legal compliance in requirements specifications. The theory that emerged from the interviews explains a set of factors influencing the work practices used by public and private companies to deal with ambiguity in legal requirements specification and achieve their compliance with regulations. Researchers and practitioners can use these factors and guidelines to leverage the methods and tools they develop or use to support legal requirements specifications.Requisitos de software são especificados principalmente utilizando linguagem natural, mas traz desafios, pois tende a produzir especificações ambíguas. Estes desafios tornam-se maiores quando lidam com requisitos de software que devem estar em conformidade com legislações, chamados de requisitos legais. Especificação de requisitos ambígua pode fazer com que o sis- tema não atenda aos desejos dos stakeholders e não esteja em conformidade com a legislação. As abordagens existentes da Engenharia de Requisitos têm como objetivo tratar a ambiguidade e/ou obter a conformidade legal não são baseadas no conhecimento que emergiu de estudos empíricos conduzidos na indústria de desenvolvimento de software. O objetivo desta tese é superar essa limitação fornecendo um conjunto de fatores e diretrizes que auxiliam na redução da ambiguidade na especificação de requisitos legais e na obtenção de especificações em con- formidade com leis de proteção de dados. Para alcançar o objetivo, inicialmente realizamos um estudo amplo na literatura para caracterizar o panorama da engenharia de requisitos legais em relação à privacidade e segurança. Em seguida, realizamos uma análise de trabalhos que desenvolveram abordagens para lidar com ambiguidade na especificação de requisitos legais. Então, investigamos como o problema é tratado pela indústria de desenvolvimento de software através de um estudo exploratório baseado em entrevistas semiestruturadas com vinte e dois profissionais de empresas públicas e privadas. Os dados coletados a partir das entrevistas foram analisados utilizando técnicas de teoria fundamentada. Identificamos fatores e esboçamos uma teoria explicando o relacionamento entre esses fatores e como eles contribuem para a redução da ambiguidade na especificação de requisitos legais e a conformidade de tais requisitos com leis de proteção de dados. Para validar esses fatores, nós conduzimos um questionário online autoadministrado com profissionais. Os resultados dos estudos revelam que as discussões en- tre a equipe, o cliente e as áreas de suporte especializado (Setor Jurídico, setor de Análise de Ambiguidade, setor de Anonimização), a consulta a membros experientes da equipe com conhecimento do domínio reduzem a ambiguidade e favorecem a conformidade legal nas es- pecificações de requisitos. A teoria que emergiu das entrevistas explica um conjunto de fatores influenciando as práticas de trabalho utilizadas por empresas públicas e privadas para lidar com a ambiguidade na especificação de requisitos legais e o alcance da conformidade com as legislações. Pesquisadores e profissionais podem utilizar estes fatores e as diretrizes para alavancar os métodos e ferramentas que desenvolvem ou utilizam para apoiar a especificação de requisitos legais.engUniversidade Federal de PernambucoPrograma de Pos Graduacao em Ciencia da ComputacaoUFPEBrasilAttribution-NonCommercial-NoDerivs 3.0 Brazilhttp://creativecommons.org/licenses/by-nc-nd/3.0/br/info:eu-repo/semantics/openAccessEngenharia de softwareEngenharia de requisitosFactors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection lawsinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/doctoralThesisdoutoradoreponame:Repositório Institucional da UFPEinstname:Universidade Federal de Pernambuco (UFPE)instacron:UFPEORIGINALTESE Dorgival Pereira da Silva Netto.pdfTESE Dorgival Pereira da Silva Netto.pdfapplication/pdf7136773https://repositorio.ufpe.br/bitstream/123456789/44239/1/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdfe95911cd65301dd3cabbc1036c64a691MD51CC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-8811https://repositorio.ufpe.br/bitstream/123456789/44239/2/license_rdfe39d27027a6cc9cb039ad269a5db8e34MD52LICENSElicense.txtlicense.txttext/plain; charset=utf-82142https://repositorio.ufpe.br/bitstream/123456789/44239/3/license.txt6928b9260b07fb2755249a5ca9903395MD53TEXTTESE Dorgival Pereira da Silva Netto.pdf.txtTESE Dorgival Pereira da Silva Netto.pdf.txtExtracted texttext/plain507963https://repositorio.ufpe.br/bitstream/123456789/44239/4/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf.txte4d3499e21903ac66ddc55dc76a3da67MD54THUMBNAILTESE Dorgival Pereira da Silva Netto.pdf.jpgTESE Dorgival Pereira da Silva Netto.pdf.jpgGenerated Thumbnailimage/jpeg1227https://repositorio.ufpe.br/bitstream/123456789/44239/5/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf.jpg1401108c9037fa9ea76d1c52c05a220eMD55123456789/442392022-04-29 02:16:20.026oai:repositorio.ufpe.br:123456789/44239VGVybW8gZGUgRGVww7NzaXRvIExlZ2FsIGUgQXV0b3JpemHDp8OjbyBwYXJhIFB1YmxpY2HDp8OjbyBkZSBEb2N1bWVudG9zIG5vIFJlcG9zaXTDs3JpbyBEaWdpdGFsIGRhIFVGUEUKIAoKRGVjbGFybyBlc3RhciBjaWVudGUgZGUgcXVlIGVzdGUgVGVybW8gZGUgRGVww7NzaXRvIExlZ2FsIGUgQXV0b3JpemHDp8OjbyB0ZW0gbyBvYmpldGl2byBkZSBkaXZ1bGdhw6fDo28gZG9zIGRvY3VtZW50b3MgZGVwb3NpdGFkb3Mgbm8gUmVwb3NpdMOzcmlvIERpZ2l0YWwgZGEgVUZQRSBlIGRlY2xhcm8gcXVlOgoKSSAtICBvIGNvbnRlw7pkbyBkaXNwb25pYmlsaXphZG8gw6kgZGUgcmVzcG9uc2FiaWxpZGFkZSBkZSBzdWEgYXV0b3JpYTsKCklJIC0gbyBjb250ZcO6ZG8gw6kgb3JpZ2luYWwsIGUgc2UgbyB0cmFiYWxobyBlL291IHBhbGF2cmFzIGRlIG91dHJhcyBwZXNzb2FzIGZvcmFtIHV0aWxpemFkb3MsIGVzdGFzIGZvcmFtIGRldmlkYW1lbnRlIHJlY29uaGVjaWRhczsKCklJSSAtIHF1YW5kbyB0cmF0YXItc2UgZGUgVHJhYmFsaG8gZGUgQ29uY2x1c8OjbyBkZSBDdXJzbywgRGlzc2VydGHDp8OjbyBvdSBUZXNlOiBvIGFycXVpdm8gZGVwb3NpdGFkbyBjb3JyZXNwb25kZSDDoCB2ZXJzw6NvIGZpbmFsIGRvIHRyYWJhbGhvOwoKSVYgLSBxdWFuZG8gdHJhdGFyLXNlIGRlIFRyYWJhbGhvIGRlIENvbmNsdXPDo28gZGUgQ3Vyc28sIERpc3NlcnRhw6fDo28gb3UgVGVzZTogZXN0b3UgY2llbnRlIGRlIHF1ZSBhIGFsdGVyYcOnw6NvIGRhIG1vZGFsaWRhZGUgZGUgYWNlc3NvIGFvIGRvY3VtZW50byBhcMOzcyBvIGRlcMOzc2l0byBlIGFudGVzIGRlIGZpbmRhciBvIHBlcsOtb2RvIGRlIGVtYmFyZ28sIHF1YW5kbyBmb3IgZXNjb2xoaWRvIGFjZXNzbyByZXN0cml0bywgc2Vyw6EgcGVybWl0aWRhIG1lZGlhbnRlIHNvbGljaXRhw6fDo28gZG8gKGEpIGF1dG9yIChhKSBhbyBTaXN0ZW1hIEludGVncmFkbyBkZSBCaWJsaW90ZWNhcyBkYSBVRlBFIChTSUIvVUZQRSkuCgogClBhcmEgdHJhYmFsaG9zIGVtIEFjZXNzbyBBYmVydG86CgpOYSBxdWFsaWRhZGUgZGUgdGl0dWxhciBkb3MgZGlyZWl0b3MgYXV0b3JhaXMgZGUgYXV0b3IgcXVlIHJlY2FlbSBzb2JyZSBlc3RlIGRvY3VtZW50bywgZnVuZGFtZW50YWRvIG5hIExlaSBkZSBEaXJlaXRvIEF1dG9yYWwgbm8gOS42MTAsIGRlIDE5IGRlIGZldmVyZWlybyBkZSAxOTk4LCBhcnQuIDI5LCBpbmNpc28gSUlJLCBhdXRvcml6byBhIFVuaXZlcnNpZGFkZSBGZWRlcmFsIGRlIFBlcm5hbWJ1Y28gYSBkaXNwb25pYmlsaXphciBncmF0dWl0YW1lbnRlLCBzZW0gcmVzc2FyY2ltZW50byBkb3MgZGlyZWl0b3MgYXV0b3JhaXMsIHBhcmEgZmlucyBkZSBsZWl0dXJhLCBpbXByZXNzw6NvIGUvb3UgZG93bmxvYWQgKGFxdWlzacOnw6NvKSBhdHJhdsOpcyBkbyBzaXRlIGRvIFJlcG9zaXTDs3JpbyBEaWdpdGFsIGRhIFVGUEUgbm8gZW5kZXJlw6dvIGh0dHA6Ly93d3cucmVwb3NpdG9yaW8udWZwZS5iciwgYSBwYXJ0aXIgZGEgZGF0YSBkZSBkZXDDs3NpdG8uCgogClBhcmEgdHJhYmFsaG9zIGVtIEFjZXNzbyBSZXN0cml0bzoKCk5hIHF1YWxpZGFkZSBkZSB0aXR1bGFyIGRvcyBkaXJlaXRvcyBhdXRvcmFpcyBkZSBhdXRvciBxdWUgcmVjYWVtIHNvYnJlIGVzdGUgZG9jdW1lbnRvLCBmdW5kYW1lbnRhZG8gbmEgTGVpIGRlIERpcmVpdG8gQXV0b3JhbCBubyA5LjYxMCBkZSAxOSBkZSBmZXZlcmVpcm8gZGUgMTk5OCwgYXJ0LiAyOSwgaW5jaXNvIElJSSwgYXV0b3Jpem8gYSBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBQZXJuYW1idWNvIGEgZGlzcG9uaWJpbGl6YXIgZ3JhdHVpdGFtZW50ZSwgc2VtIHJlc3NhcmNpbWVudG8gZG9zIGRpcmVpdG9zIGF1dG9yYWlzLCBwYXJhIGZpbnMgZGUgbGVpdHVyYSwgaW1wcmVzc8OjbyBlL291IGRvd25sb2FkIChhcXVpc2nDp8OjbykgYXRyYXbDqXMgZG8gc2l0ZSBkbyBSZXBvc2l0w7NyaW8gRGlnaXRhbCBkYSBVRlBFIG5vIGVuZGVyZcOnbyBodHRwOi8vd3d3LnJlcG9zaXRvcmlvLnVmcGUuYnIsIHF1YW5kbyBmaW5kYXIgbyBwZXLDrW9kbyBkZSBlbWJhcmdvIGNvbmRpemVudGUgYW8gdGlwbyBkZSBkb2N1bWVudG8sIGNvbmZvcm1lIGluZGljYWRvIG5vIGNhbXBvIERhdGEgZGUgRW1iYXJnby4KRepositório InstitucionalPUBhttps://repositorio.ufpe.br/oai/requestattena@ufpe.bropendoar:22212022-04-29T05:16:20Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE)false |
| dc.title.pt_BR.fl_str_mv |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| title |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| spellingShingle |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws SILVA NETTO, Dorgival Pereira da Engenharia de software Engenharia de requisitos |
| title_short |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| title_full |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| title_fullStr |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| title_full_unstemmed |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| title_sort |
Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws |
| author |
SILVA NETTO, Dorgival Pereira da |
| author_facet |
SILVA NETTO, Dorgival Pereira da |
| author_role |
author |
| dc.contributor.authorLattes.pt_BR.fl_str_mv |
http://lattes.cnpq.br/6404552479445485 |
| dc.contributor.advisorLattes.pt_BR.fl_str_mv |
http://lattes.cnpq.br/0581226769296441 |
| dc.contributor.author.fl_str_mv |
SILVA NETTO, Dorgival Pereira da |
| dc.contributor.advisor1.fl_str_mv |
SCHUENEMANN, Carla Taciana Lima Lourenço Silva |
| contributor_str_mv |
SCHUENEMANN, Carla Taciana Lima Lourenço Silva |
| dc.subject.por.fl_str_mv |
Engenharia de software Engenharia de requisitos |
| topic |
Engenharia de software Engenharia de requisitos |
| description |
Software requirements are mainly specified using natural language, but it brings chal- lenges as it is prone to produce ambiguous specifications. These challenges become bigger when dealing with software requirements that must comply with regulations, the so-called le- gal requirements. Ambiguous requirements specifications may cause the system not to satisfy the stakeholders’ needs and not comply with the legislation. Existing Requirements Engineer- ing approaches to addressing ambiguity and/or achieving legal compliance are not based on knowledge from empirical studies conducted in the software development industry. This thesis aims to overcome this limitation by providing a set of factors and guidelines that help re- duce ambiguity in legal requirements specification and achieve specifications compliant with data protection laws. To achieve this objective, we initially carried out a broad study in the literature to characterize the landscape of legal requirements engineering concerning privacy and security. Then, we analyzed works that developed approaches to deal with ambiguity in the specification of legal requirements. We then investigated how the software development industry tackles the problem through an exploratory study based on semi-structured interviews with twenty-two professionals from public and private companies. Data collected from the interviews were analyzed using grounded theory techniques. We identified factors and out- lined a theory explaining the relationships between them and how they reduce ambiguity in the specification of legal requirements and the compliance of such requirements with data privacy laws. To validate these factors, we conducted a self-administered online survey with professionals. Findings from the studies reveal that discussions among the team, customer, specialized support areas (Legal Sector, Ambiguity Analysis sector, Anonymization Sector), consulting experienced team members with domain knowledge reduce ambiguity and promote legal compliance in requirements specifications. The theory that emerged from the interviews explains a set of factors influencing the work practices used by public and private companies to deal with ambiguity in legal requirements specification and achieve their compliance with regulations. Researchers and practitioners can use these factors and guidelines to leverage the methods and tools they develop or use to support legal requirements specifications. |
| publishDate |
2021 |
| dc.date.issued.fl_str_mv |
2021-10-29 |
| dc.date.accessioned.fl_str_mv |
2022-04-28T18:35:44Z |
| dc.date.available.fl_str_mv |
2022-04-28T18:35:44Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/doctoralThesis |
| format |
doctoralThesis |
| status_str |
publishedVersion |
| dc.identifier.citation.fl_str_mv |
SILVA NETTO, Dorgival Pereira da. Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws. 2021. Tese (Doutorado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2021. |
| dc.identifier.uri.fl_str_mv |
https://repositorio.ufpe.br/handle/123456789/44239 |
| identifier_str_mv |
SILVA NETTO, Dorgival Pereira da. Factors influencing companies for reducing ambiguity in legal requirements specification and achieving their compliance with data protection laws. 2021. Tese (Doutorado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2021. |
| url |
https://repositorio.ufpe.br/handle/123456789/44239 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
Attribution-NonCommercial-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nc-nd/3.0/br/ info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
Attribution-NonCommercial-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nc-nd/3.0/br/ |
| eu_rights_str_mv |
openAccess |
| dc.publisher.none.fl_str_mv |
Universidade Federal de Pernambuco |
| dc.publisher.program.fl_str_mv |
Programa de Pos Graduacao em Ciencia da Computacao |
| dc.publisher.initials.fl_str_mv |
UFPE |
| dc.publisher.country.fl_str_mv |
Brasil |
| publisher.none.fl_str_mv |
Universidade Federal de Pernambuco |
| dc.source.none.fl_str_mv |
reponame:Repositório Institucional da UFPE instname:Universidade Federal de Pernambuco (UFPE) instacron:UFPE |
| instname_str |
Universidade Federal de Pernambuco (UFPE) |
| instacron_str |
UFPE |
| institution |
UFPE |
| reponame_str |
Repositório Institucional da UFPE |
| collection |
Repositório Institucional da UFPE |
| bitstream.url.fl_str_mv |
https://repositorio.ufpe.br/bitstream/123456789/44239/1/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf https://repositorio.ufpe.br/bitstream/123456789/44239/2/license_rdf https://repositorio.ufpe.br/bitstream/123456789/44239/3/license.txt https://repositorio.ufpe.br/bitstream/123456789/44239/4/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf.txt https://repositorio.ufpe.br/bitstream/123456789/44239/5/TESE%20Dorgival%20Pereira%20da%20Silva%20Netto.pdf.jpg |
| bitstream.checksum.fl_str_mv |
e95911cd65301dd3cabbc1036c64a691 e39d27027a6cc9cb039ad269a5db8e34 6928b9260b07fb2755249a5ca9903395 e4d3499e21903ac66ddc55dc76a3da67 1401108c9037fa9ea76d1c52c05a220e |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 MD5 |
| repository.name.fl_str_mv |
Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE) |
| repository.mail.fl_str_mv |
attena@ufpe.br |
| _version_ |
1802310643716456448 |