Dealing with privacy issues during the system design process

In the global information society, avoiding privacy violation is becoming an increasingly critical issue. Related literature includes a number of privacy enhancing technologies for ensuring system privacy. However, each of the above technologies focuses on specific issues without providing an integrated solution for meeting all four basic privacy requirements (i.e., anonymity, pseudonymity, unlinkability, and unobservability). Current research in the area of security requirements engineering advocates that privacy requirements should be considered earlier in the system development process, during the design rather than the implementation level. In this paper, we propose a new methodology, called PriS, which aims to incorporate privacy requirements into the system design process adopting a goal-oriented approach. Each privacy requirement is treated as a separate "goal" to be met during the system design process; goals are collaboratively realised by processes, which in turn are supported by IT systems. In this way, tracing between high-level organisational objectives and detailed support mechanisms is achieved. We argue that PriS provides a solution that overcomes some of the limitations of existing approaches