10.29327/1298356.26-7
Security techniques in software development need to be widespread, mainly because of their positive impact on risk mitigation. In August 2018, the General Law of Data Protection (LGPD) was sanctioned, which defines what is, or is not legal in data handling and guarantees individual rights. Several studies have sought to understand the LGPD compliance landscape. In addition, the research in this study aims to investigate the compliance of LGPD implementation in public higher education institutions in Brazil. Thus, it sought to identify whether ICT professionals perform the specification of privacy requirements, in addition to identifying the level of knowledge and compliance with the legislation from the perspective of these professionals. The survey presents the view of ICT professionals from 19 public institutions of higher education distributed in the five regions of Brazil. The results show that 70.6% of the organizations have somehow started to adapt to the LGPD; more than 70% said that their organization controls sensitive personal data; 20.6% of interviewed claimed to make use of the privacy approach in requirements specifications. Of these, nearly half only make in the end of the software development phase; more than 67% consider that there were impacts on software development; and 50% state that in the institutions there is no training on data security and that it is necessary to address this change of culture and have the support of senior management for the execution of action to adapt to the LGPD.
LGPD; Privacy Requirements; Requirements Engineering
@inproceedings{wer202301,
author = {Silva, K. and Sarkis, L.},
title = {Análise de conformidade da LGPD nas Instituições Públicas de Ensino Superior no Brasil sob a perspectiva dos profissionais de TIC},
booktitle = {Proceedings of the WER2023-26th Workshop on Requirements Engineering, Porto Alegre-RS, Brazil},
year = {2023},
issn = {2675-0066},
isbn = {978-65-00-77516-7},
doi = {10.29327/1298356.26-7}
}