Commitment analysis to operationalize software requirements from privacy policies

Jessica D. Young¹
¹Department of Computer Science, College of Engineering, North Carolina State University, Raleigh, USA

Abstract

Online privacy policies describe organizations’ privacy practices for collecting, storing, using, and protecting consumers’ personal information. Users need to understand these policies in order to know how their personal information is being collected, stored, used, and protected. Organizations need to ensure that the commitments they express in their privacy policies reflect their actual business practices, especially in the United States where the Federal Trade Commission regulates fair business practices. Requirements engineers need to understand the privacy policies to know the privacy practices with which the software must comply and to ensure that the commitments expressed in these privacy policies are incorporated into the software requirements. In this paper, we present a methodology for obtaining requirements from privacy policies based on our theory of commitments, privileges, and rights, which was developed through a grounded theory approach. This methodology was developed from a case study in which we derived software requirements from seventeen healthcare privacy policies. We found that legal-based approaches do not provide sufficient coverage of privacy requirements because privacy policies focus primarily on procedural practices rather than legal practices.
