Incorporating privacy requirements into the system design process - The PriS conceptual framework

Purpose - To present a new methodology for incorporating privacy requirements into the system design process called PriS, and describe its applicability in the e-VOTE system for presenting methodology's way-of-working. Design/methodology/approach - PriS is a requirement engineering methodology focused on privacy issues. It provides a set of concepts for modelling privacy requirements (anonymity, pseudonymity, unlinkability and unobservability) in the organisation domain and a systematic way-of-working for translating these requirements into system models. The conceptual model used in PriS is based on the Enterprise Knowledge Development (EKD) framework. PriS models privacy requirements as a special type of goal. Findings - Based on the analysis of a number of well-known privacy-enhancing technologies as well as of existing security requirement engineering methodologies, this paper pinpoints the gap between system design methodologies and technological solutions. To this end, PriS is suggested, with a view to providing a methodological framework for matching privacy-related requirements with the proper implementation techniques. Originality/value - This paper proposes a new methodology for addressing privacy requirements during the design process. It guides developers to choose the most appropriate implementation techniques for realising the identified privacy issues. PriS methodology has a high degree of applicability on Internet systems that wish to provide services that ensure users privacy, such as anonymous browsing, untraceable transactions, etc.