3 research outputs found
The Privacy Pillar -- A Conceptual Framework for Foundation Model-based Systems
AI and its relevant technologies, including machine learning, deep learning,
chatbots, virtual assistants, and others, are currently undergoing a profound
transformation of development and organizational processes within companies.
Foundation models present both significant challenges and incredible
opportunities. In this context, ensuring the quality attributes of foundation
model-based systems is of paramount importance, with a particular focus on
the challenging issue of privacy due to the sensitive nature of the data and
information involved. However, there is currently a lack of consensus regarding
the comprehensive scope of both technical and non-technical issues that the
privacy evaluation process should encompass. Additionally, there is uncertainty
about which existing methods are best suited to effectively address these
privacy concerns. In response to this challenge, this paper introduces a novel
conceptual framework that integrates various responsible AI patterns from
multiple perspectives, with the specific aim of safeguarding privacy.
Comment: 10 page
Perceptions of ICT practitioners regarding software privacy
During software development activities, it is important for Information and Communication
Technology (ICT) practitioners to know and understand practices and guidelines regarding
information privacy, as software requirements must comply with data privacy laws and members of
development teams should know current legislation related to the protection of personal data. In order
to gain a better understanding of how industry ICT practitioners perceive the practical relevance
of software privacy and privacy requirements and how these professionals are implementing
data privacy concepts, we conducted a survey with ICT practitioners from software development
organizations to get an overview of how these professionals are implementing data privacy concepts
during software design. We performed a systematic literature review to identify related works with
software privacy and privacy requirements and what methodologies and techniques are used to
specify them. In addition, we conducted a survey with ICT practitioners from different organizations.
Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and
privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados
Pessoais, LGPD, in Portuguese), nor are they able to work with the laws and guidelines governing data
privacy. Organizations are required to define an approach to contextualize ICT practitioners with
the importance of knowledge of software privacy and privacy requirements, as well as to address
them during software development, since LGPD must change the way teams work, as a number of
features and controls regarding consent, documentation, and privacy accountability will be required.
Exploring automated GDPR-compliance in requirements engineering: a systematic mapping study
The General Data Protection Regulation (GDPR), adopted in 2018, profoundly impacts information processing organizations as they must comply with this regulation. In this research, we consider GDPR-compliance as a high-level goal in software development that should be addressed at the outset of software development, meaning during requirements engineering (RE). In this work, we hypothesize that natural language processing (NLP) can offer a viable means to automate this process. We conducted a systematic mapping study to explore the existing literature on the intersection of GDPR, NLP, and RE. As a result, we identified 448 relevant studies, of which the majority (420) were related to NLP and RE. Research on the intersection of GDPR and NLP yielded nine studies, while 20 studies were related to GDPR and RE. Even though only one study was identified on the convergence of GDPR, NLP, and RE, the mapping results indicate opportunities for bridging the gap between these fields. In particular, we identified possibilities for introducing NLP techniques to automate manual RE tasks in the crossing of GDPR and RE, in addition to possibilities of using NLP-based machine learning techniques to achieve GDPR-compliance in RE.