Using Privacy Process Patterns for Incorporating Privacy Requirements into the System Design Process

In the online world every person has to hold a number of different data sets so as to be able to have access to various e-services and take part in specific economical and social transactions. Such data sets require special consideration since they may convey personal data, sensitive personal data, employee data, credit card data etc. Recent surveys have shown that people feel that their privacy is at risk from identity theft and erosion of individual rights. The result is that privacy violation is becoming an increasingly critical issue in modern societies. To this end, PriS, a new security requirements engineering methodology, has been introduced aiming to incorporate privacy requirements early in the system development process. In this paper, we extend the PriS conceptual framework by introducing privacy process patterns as a way for describing the effect of privacy requirements on business processes. In addition, privacy process patterns facilitate the identification of the system architecture that best supports the privacy-related business processes, thus providing a holistic approach from business goals to `privacy-compliant´ IT systems