
Evaluating Privacy Perceptions, Experience, and Behavior of Software Development Teams

Maxwell Prybylo, Sara Haghighi, Sai Teja Peddinti, Sepideh Ghanavati

TL;DR

The paper investigates how software development teams perceive privacy, what experience they have with it, and how they behave in practice amid tightening regulations. Using a large mixed-method survey (n = 362 across 23 countries) with role-based questions, the study integrates qualitative coding (Solove/IAPP taxonomies) and quantitative analyses (Chi-Squared, Kruskal-Wallis) with Bonferroni corrections to map privacy concepts across SDLC roles. Key findings reveal diverse privacy definitions, limited adoption of Privacy by Design and PETs, reliance on legal/privacy experts, and a positive link between having a Chief Privacy Officer and confidence in privacy measures, though PIA and PET usage remain uneven. The results underscore the need for role-dependent privacy education, standardized PIA/policy practices, and organizational supports to improve privacy-aware SDLC, offering pathways for automated tooling and targeted training.

Abstract

With the increase in the number of privacy regulations, small development teams are forced to make privacy decisions on their own. In this paper, we conduct a mixed-method survey study, including statistical and qualitative analysis, to evaluate the privacy perceptions, practices, and knowledge of members involved in various phases of the Software Development Life Cycle (SDLC). Our survey includes 362 participants from 23 countries, encompassing roles such as product managers, developers, and testers. Our results show diverse definitions of privacy across SDLC roles, emphasizing the need for a holistic privacy approach throughout SDLC. We find that software teams, regardless of their region, are less familiar with privacy concepts (such as anonymization), relying on self-teaching and forums. Most participants are more familiar with GDPR and HIPAA than other regulations, with multi-jurisdictional compliance being their primary concern. Our results advocate the need for role-dependent solutions to address the privacy challenges, and we highlight research directions and educational takeaways to help improve privacy-aware SDLC.

Paper Structure (39 sections, 5 figures, 21 tables)


Figures (5)

  • Figure 1: Privacy Definitions based on Solove's Taxonomy
  • Figure 2: Stages of the SDLC When PIAs are Created.
  • Figure 3: Distribution of Roles Involved in PIA Creation.
  • Figure 4: Familiarity with Different Regulations.
  • Figure 5: Distribution of Responses to the Creation of a PIA.