Loading...
Paper Type
Complete
Abstract
This article presents a contextualization of the use of the Empathy phase in the process of privacy requirements elicitation. We conducted a literature review to identify the use of the Design Thinking Empathy phase in privacy requirements elicitation. In addition, we conducted a survey with 68 industry practitioners to understand how these requirements are elicited and whether these practitioners use the Empathy phase. We found that 73.9% of developers use the Empathy phase to software requirements elicitation. In addition, more than 61% of industry practitioners are unaware of privacy requirements, as well as Empathy tools for requirements elicitation. In the focus group conducted at two organizations that work with sensitive user information, we identified that there is no formalized process for conducting privacy requirements elicitation, although members of the development teams are concerned with data privacy and use some techniques and tools to protect user data.
Recommended Citation
Dias Canedo, Edna; Calazans, Angelica Toffano Seidel; Cerqueira, Anderson Jefferson; Costa, Pedro Henrique Teixeira; and Masson, Eloisa Toffano Seidel, "Using the Design Thinking Empathy Phase as a Facilitator in Privacy Requirements Elicitation" (2020). AMCIS 2020 Proceedings. 27.
https://aisel.aisnet.org/amcis2020/info_security_privacy/info_security_privacy/27
Using the Design Thinking Empathy Phase as a Facilitator in Privacy Requirements Elicitation
This article presents a contextualization of the use of the Empathy phase in the process of privacy requirements elicitation. We conducted a literature review to identify the use of the Design Thinking Empathy phase in privacy requirements elicitation. In addition, we conducted a survey with 68 industry practitioners to understand how these requirements are elicited and whether these practitioners use the Empathy phase. We found that 73.9% of developers use the Empathy phase to software requirements elicitation. In addition, more than 61% of industry practitioners are unaware of privacy requirements, as well as Empathy tools for requirements elicitation. In the focus group conducted at two organizations that work with sensitive user information, we identified that there is no formalized process for conducting privacy requirements elicitation, although members of the development teams are concerned with data privacy and use some techniques and tools to protect user data.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.