{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T05:57:44Z","timestamp":1773295064510,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,5]],"date-time":"2024-11-05T00:00:00Z","timestamp":1730764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Funda\u00e7\u00e3o Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior (CAPES)"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,5]]},"DOI":"10.1145\/3701625.3701663","type":"proceedings-article","created":{"date-parts":[[2024,12,21]],"date-time":"2024-12-21T11:39:16Z","timestamp":1734781156000},"page":"242-252","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["How Software Industry Specifies Requirements Compliant with Data Protection Laws: a survey-based study"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9269-0288","authenticated-orcid":false,"given":"Dorgival Pereira da Silva","family":"Netto","sequence":"first","affiliation":[{"name":"Centro de Ci\u00eancias e Tecnologia, Universidade Federal do Cariri - UFCA, Juazeiro do Norte, Cear\u00e1, Brasil and Centro de Inform\u00e1tica, Universidade Federal de Pernambuco - UFPE, Recife, Pernambuco, Brasil"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0597-3851","authenticated-orcid":false,"given":"Carla","family":"Silva","sequence":"additional","affiliation":[{"name":"Centro de Inform\u00e1tica, Universidade Federal de Pernambuco, Recife, Pernambuco, Brasil"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5914-1631","authenticated-orcid":false,"given":"Jo\u00e3o","family":"Ara\u00fajo","sequence":"additional","affiliation":[{"name":"Department of Informatics, Universidade Nova de Lisboa, Caparica, Portugal"}]}],"member":"320","published-online":{"date-parts":[[2024,12,21]]},"reference":[{"key":"e_1_3_3_1_2_2","doi-asserted-by":"publisher","unstructured":"O. Akhigbe D. Amyot and G. Richards. 2019. A systematic literature mapping of goal and non-goal modelling methods for legal and regulatory compliance. Requirements Engineering 24 4 (2019) 459\u2013481. 10.1007\/s00766-018-0294-1 https:\/\/dl.acm.org\/doi\/10.1007\/s00766-018-0294-1","DOI":"10.1007\/s00766-018-0294-1"},{"key":"e_1_3_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/RE57278.2023.00015"},{"key":"e_1_3_3_1_4_2","doi-asserted-by":"publisher","unstructured":"O. Amaral S. Abualhaija D. Torre M. Sabetzadeh and L. Briand. 2021. AI-Enabled Automation for Completeness Checking of Privacy Policies. IEEE Transactions on Software Engineering 47 12 (2021) 2813\u20132833. 10.1109\/TSE.2020.3012120","DOI":"10.1109\/TSE.2020.3012120"},{"key":"e_1_3_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2018.00023"},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4615-0465-8_2"},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2016.20"},{"key":"e_1_3_3_1_8_2","volume-title":"Do Not Cut Corners When Eliciting Privacy Requirements: Experiences from Industry","author":"Billgren P.","year":"2020","unstructured":"P. Billgren and L.\u00a0W. Ekman. 2020. Do Not Cut Corners When Eliciting Privacy Requirements: Experiences from Industry. Technical Report. Blekinge Institute of Technology."},{"key":"e_1_3_3_1_9_2","unstructured":"Blind. 2024. Supplementary Material. https:\/\/figshare.com\/s\/737b277cc3f422a5a5ca"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.23919\/ICITST.2017.8356355"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/RELAW.2014.6893476"},{"key":"e_1_3_3_1_12_2","unstructured":"BRASIL. 2018. LGPD - Lei Geral de Prote\u00e7\u00e3o de Dados Pessoais. http:\/\/www.planalto.gov.br\/ccivil_03\/_ato2015-2018\/2018\/lei\/L13709.htm"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","unstructured":"E.\u00a0D. Canedo A.\u00a0T.\u00a0S. Calazans I.\u00a0N. Bandeira P.\u00a0H.\u00a0T. Costa and E.\u00a0T.\u00a0S. Masson. 2022. Guidelines Adopted by Agile Teams in Privacy Requirements Elicitation after the Brazilian General Data Protection Law (LGPD) Implementation. Requirements Engineering 27 4 (Dec. 2022) 545\u2013567. 10.1007\/s00766-022-00391-7 https:\/\/dl.acm.org\/doi\/10.1007\/s00766-022-00391-7","DOI":"10.1007\/s00766-022-00391-7"},{"key":"e_1_3_3_1_14_2","doi-asserted-by":"publisher","unstructured":"E.\u00a0D. Canedo A.\u00a0T.\u00a0S. Calazans E.\u00a0T.\u00a0S. Masson P.\u00a0H.\u00a0T. Costa and F. Lima. 2020. Perceptions of ICT Practitioners Regarding Software Privacy. Entropy 22 4 (2020) 429. 10.3390\/e22040429","DOI":"10.3390\/e22040429"},{"key":"e_1_3_3_1_15_2","volume-title":"Applied Nonparametric Statistics","author":"Daniel W.\u00a0W.","year":"1978","unstructured":"W.\u00a0W. Daniel. 1978. Applied Nonparametric Statistics. Houghton Mifflin."},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.5555\/2692708"},{"key":"e_1_3_3_1_17_2","unstructured":"European-Union. 2018. GDPR - General Data Protection Regulation. https:\/\/eugdpr.org\/"},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"crossref","unstructured":"D.\u00a0M. Fern\u00e1ndez and M.-T. Christiansson. 2017. Naming the pain in requirements engineering: Contemporary problems causes and effects in practice. Empirical Software Engineering 22 (2017) 2298\u20132338.","DOI":"10.1007\/s10664-016-9451-7"},{"key":"e_1_3_3_1_19_2","doi-asserted-by":"publisher","unstructured":"S.\u00a0\u00c9.\u00a0R. Ferr\u00e3o G.\u00a0R.\u00a0S. Silva E.\u00a0D. Canedo and F.\u00a0F. Mendes. 2024. Towards a taxonomy of privacy requirements based on the LGPD and ISO\/IEC 29100. Information and Software Technology 168 (2024) 107396. 10.1016\/j.infsof.2024.107396 https:\/\/dl.acm.org\/doi\/10.1016\/j.infsof.2024.107396","DOI":"10.1016\/j.infsof.2024.107396"},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"crossref","unstructured":"S.\u00a0A. Fricker K. Schneider F. Fotrousi and C. Thuemmler. 2016. Workshop videos for requirements communication. Requirements Engineering 21 4 (2016) 521\u2013552.","DOI":"10.1007\/s00766-015-0231-5"},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/2593770.2593780"},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-50316-1_28"},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"publisher","unstructured":"S. G\u00fcrses and J.\u00a0M. del Alamo. 2016. Privacy Engineering: Shaping an Emerging Field of Research and Practice. IEEE Security & Privacy 14 2 (2016) 40\u201346. 10.1109\/MSP.2016.37 https:\/\/dl.acm.org\/doi\/10.1109\/MSP.2016.37","DOI":"10.1109\/MSP.2016.37"},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/REW57809.2023.00047"},{"key":"e_1_3_3_1_25_2","doi-asserted-by":"publisher","unstructured":"B. Kitchenham and S.\u00a0L. Pfleeger. 2003. Principles of survey research part 6: data analysis. SIGSOFT Softw. Eng. Notes 28 2 (Mar. 2003) 24\u201327. 10.1145\/638750.638758https:\/\/dl.acm.org\/doi\/10.1145\/638750.638758","DOI":"10.1145\/638750.638758"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-84800-044-5_3"},{"key":"e_1_3_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/RELAW.2008.10"},{"key":"e_1_3_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3484191"},{"key":"e_1_3_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-69904-2_19"},{"key":"e_1_3_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2014.6912250"},{"key":"e_1_3_3_1_31_2","volume-title":"A strategy for addressing ambiguity in regulatory requirements","author":"Massey A.\u00a0K.","year":"2015","unstructured":"A.\u00a0K. Massey, R.\u00a0L. Rutledge, A.\u00a0I. Ant\u00f3n, J.\u00a0D. Hemmings, and P.\u00a0P. Swire. 2015. A strategy for addressing ambiguity in regulatory requirements. Technical Report. Georgia Institute of Technology."},{"key":"e_1_3_3_1_32_2","doi-asserted-by":"crossref","unstructured":"N.\u00a0R. Mead S. Miyazaki and J. Zhan. 2011. Integrating privacy requirements considerations into a security requirements engineering method and tool. International Journal of Information Privacy Security and Integrity 1 1 (2011) 106\u2013126.","DOI":"10.1504\/IJIPSI.2011.043733"},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"publisher","unstructured":"J.\u00a0S. Moll\u00e9ri K. Petersen and E. Mendes. 2020. An empirically evaluated checklist for surveys in software engineering. Information and Software Technology 119 (2020) 106240. 10.1016\/j.infsof.2019.106240 https:\/\/dl.acm.org\/doi\/10.1016\/j.infsof.2019.106240","DOI":"10.1016\/j.infsof.2019.106240"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.29327\/1298731.22-5"},{"key":"e_1_3_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.29327\/1298356.26-17"},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/3350768.3352730"},{"key":"e_1_3_3_1_37_2","unstructured":"P.\u00a0N. Otto. 2009. Reasonableness meets requirements: Regulating security and privacy in software. Duke Law Journal 59 (2009) 309."},{"key":"e_1_3_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2007.65"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"crossref","unstructured":"C. Palomares C. Quer and X. Franch. 2017. Requirements reuse and requirement patterns: a state of the practice survey. Empirical Software Engineering 22 (2017) 2719\u20132762.","DOI":"10.1007\/s10664-016-9485-x"},{"key":"e_1_3_3_1_40_2","doi-asserted-by":"publisher","unstructured":"M. Peixoto C. Silva J. Ara\u00fajo T. Gorschek A. Vasconcelos and J. Vilela. 2022. Evaluating a Privacy Requirements Specification Method by Using a Mixed-Method Approach: Results and Lessons Learned. Requir. Eng. 28 2 (Sep. 2022) 229\u2013255. 10.1007\/s00766-022-00388-2 https:\/\/dl.acm.org\/doi\/10.1007\/s00766-022-00388-2","DOI":"10.1007\/s00766-022-00388-2"},{"key":"e_1_3_3_1_41_2","doi-asserted-by":"crossref","unstructured":"A. R\u0105czkowska-Gzowska and A. Walkowiak-Gall. 2023. What Should a Good Software Requirements Specification Include? Results of a Survey.","DOI":"10.2478\/fcds-2023-0004"},{"key":"e_1_3_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/3267357.3267368"},{"key":"e_1_3_3_1_43_2","unstructured":"P. Swire and A. Anton. 2014. Engineers and lawyers in privacy protection: Can we all just get along."},{"key":"e_1_3_3_1_44_2","doi-asserted-by":"publisher","unstructured":"C. Tankard. 2016. What the GDPR means for businesses. Network Security 2016 6 (2016) 5\u20138. 10.1016\/S1353-4858(16)30056-3","DOI":"10.1016\/S1353-4858(16)30056-3"},{"key":"e_1_3_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-64148-1_24"},{"key":"e_1_3_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29044-2"}],"event":{"name":"SBQS 2024: XXIII Brazilian Symposium on Software Quality","location":"Salvador Bahia Brazil","acronym":"SBQS 2024"},"container-title":["Proceedings of the XXIII Brazilian Symposium on Software Quality"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3701625.3701663","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3701625.3701663","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:10:06Z","timestamp":1750295406000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3701625.3701663"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,5]]},"references-count":45,"alternative-id":["10.1145\/3701625.3701663","10.1145\/3701625"],"URL":"https:\/\/doi.org\/10.1145\/3701625.3701663","relation":{},"subject":[],"published":{"date-parts":[[2024,11,5]]},"assertion":[{"value":"2024-12-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}