A Core Ontology for Privacy Requirements Engineering
This work addresses privacy compliance challenges for companies handling personal data, though it is incremental as it builds on prior ontology research.
The paper tackles the problem of integrating privacy concerns into system design by introducing COPri, a core ontology for privacy requirements engineering, which was implemented, validated, and evaluated to address gaps in existing approaches that treat privacy as a subset of security.
Nowadays, most companies need to collect, store, and manage personal information in order to deliver their services. Accordingly, privacy has emerged as a key concern for these companies since they need to comply with privacy laws and regulations. To deal with them properly, such privacy concerns should be considered since the early phases of system design. Ontologies have proven to be a key factor for elaborating high-quality requirements models. However, most existing work deals with privacy as a special case of security requirements, thereby missing essential traits of this family of requirements. In this paper, we introduce COPri, a Core Ontology for Privacy requirements engineering that adopts and extends our previous work on privacy requirements engineering ontology that has been mined through a systematic literature review. Additionally, we implement, validate and then evaluate our ontology.