The explosion in data gathering has greatly exacerbated existing privacy issues in computing systems and created new ones due to the increase in the scale and the scope of available data as well as the advances in the capabilities of computational data analysis. Software professionals typically have no formal training or education on sociotechnical aspects of privacy. As a result, addressing privacy issues raised by a system is frequently an afterthought and/or a matter of compliance-check during the late phases of the system development lifecycle. To tackle this challenge, this research aims to bridge the gap between policy makers and regulators and system designers by making privacy laws and regulations understandable and actionable by software professionals. Specifically, this research designs and develops a deck of privacy ideation cards based on US privacy laws and regulations. The privacy ideation cards produced by this research can potentially transform how privacy-relevant aspects are handled in real-world software solutions built by industry and inform how students are taught these issues in undergraduate software curricula.
A critical contribution of this research is a deck of ideation cards to facilitate the design, development, and deployment of systems that take into account relevant US privacy laws and regulations at every step of the system building process. The cards are designed based on input from legal scholars and experts in the domain of US privacy laws. The design is geared toward promoting an understanding of privacy regulation by software professionals as well as students. This research involves applying the cards to the design of real-world solutions in industry as well as at a university (in a software project course). These applications enhance the knowledge of how privacy-related ideation techniques can be effectively employed in professional software development as well as software education. The findings facilitate the design and development of systems that comply with privacy laws and regulations and are sensitive to the privacy needs of their users, thus promoting and extending the Privacy by Design approach.
