A Semantic Rule-Based Approach for Software Privacy by Design

Date

2019-05

Advisors

Journal Title

Journal ISSN

ISSN

2394-2835

DOI

Volume Title

Publisher

Institute of Research and Journals (IRAJ)

Type

Article

Peer reviewed

Yes

Abstract

Information system business is currently witnessing an increasing demand for system conformance with the international regime of GRC Governance, Risk and Compliance. Among different compliance approaches, data protection and privacy laws plays a key role. In this paper, we propose a compliance requirement analysis method from early stages of system modelling based on a semantically-rich model, where a mapping can be established from data protection and privacy requirements defined by laws and regulations to system business goals and contexts. The early consideration of requirements satisfies Privacy by Design, a key concept in General Data Protection Regulation 2012. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance related to system along with relationships and rules between these concepts that encompass the domain knowledge. The main contribution of the work presented in this paper is the ontology-based compliance framework that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the URI link. Open access journal

Keywords

privacy by design, compliance, privacy risk analysis

Citation

Zarrabi, F. and Brimicombe, A. (2019) A Semantic Rule-Based Approach for Software Privacy by Design. International Journal of Advances in Electronics and Computer Science, 6(5).

Rights

Research Institute