On Understanding How Developers Perceive and Interpret Privacy Requirements (Supplementary Material)

We present on this page the supplementary material regarding the paper: On Understanding How Developers Perceive and Interpret Privacy Requirements (Research Preview).

Authors:

Mariana Peixoto, Dayse Ferreira, Mateus Cavalcanti, Carla Silva, Jéssyka Vilela, João Araújo, and Tony Gorschek.

Abstract:

[Context and motivation]} Ensuring privacy of users' data has become a top concern in software development, either to satisfy users' needs or to comply with privacy laws. The problem may increase by the time a new law is in the vacancy period, and companies are working to understand how to comply with it. In addition, research has shown that many developers do not have sufficient knowledge about how to develop privacy-sensitive software. [Question/problem] Motivated by this scenario, this research investigates the personal factors affecting the developers' understanding of privacy requirements during the vacancy period of a data protection law. [Principal ideas/results] We conducted thirteen interviews in six different private companies. As a result, we found nine personal factors affecting how software developers perceive and interpret privacy requirements. [Contribution] The identification of the personal factors %that affect how developers handle privacy requirements contributes to the elaboration of effective methods for promoting proper privacy-sensitive software development.

keywords:

Privacy Requirements, Software Development, and Qualitative study.

Data Collection

We performed semi-structured interviews with thirteen developers from six different companies.

Interview Script.

Data Analysis

The data analysis was conducted based on quantitative descriptive statistical analysis and qualitative coding principles of GT (Open coding; Axial coding; and Selective coding). We started the coding process by performing open coding, in which we created codes for extracts of the text. After that, in axial coding, we took further readings in the transcripts and the created codes (from open coding). Thus, we identified other text extracts and also group similar codes. Finally, in selective coding, we identified categories that codes could be linked to. These categories are the Personal factors that affect how developers interpret and perceive privacy in requirements engineering.

The model presented in the figure below explains the personal factors that play a role in developers’ understanding of privacy. In the rectangles, we show nine categories as personal factors that affect positively (+) or negatively (-) how developers perceive and interpret privacy requirements. The arrows between categories (personal factors) represent that the related categories can influence each other. We also found some secondary factors (represented as a statement with an arrow to a category) which can influence positively (+), i.e., corroborate, or negatively (-), i.e., oppose the personal factors.