Agile Teams’ Perception in Privacy Requirements Elicitation: LGPD’s compliance in Brazil

Abstract

Context: The implementation of the Brazilian General Data Protection Law (LGPD) may impact activities carried out by the software development teams. It is necessary for developers to know the existing techniques and tools to carry out privacy requirements elicitation. Objectives: In this research, we investigated the perception of agile software development team members from different organizations, regarding the impact that LGPD will have on the activities of the software development process. Methods: We conducted an online survey and a systematic literature review to identify the techniques, methodologies and tools used in the literature to perform privacy requirements elicitation in the context of Agile Software Development (ASD). In addition, we also investigated the perception of an agile team from a Federal Public Administration organization regarding the impacts of the obligation to develop software in accordance with the LGPD. Results: Our findings reveal that agile teams know the concepts related to data privacy legislation, but they do not use the techniques proposed in the literature to perform privacy requirements elicitation. In addition, agile teams face problems with outdated software requirements specifications and stakeholders’ lack of knowledge regarding data privacy. Conclusions: Agile teams need to improve their knowledge on privacy requirements.