UML for Inclusion of Privacy in Software Modeling

Abstract

Online commerce and service obtain much private data from users. Collection, storage, management, and use of private data are subject to various privacy laws, regulations, and standards. To adhere to legal requirements, many privacy services, such as security, notice, and consent, are required. Inclusion of the required privacy services early in the life cycle of the software development is preferred and advocated. We extend UML use case diagrams with privacy components to represent example privacy services. These components are used to visually model privacy requirements in the analysis phase of the SDLC. We create a prototype by extending Microsoft Visio, a popular UML modeling tool, with our proposed privacy components. In summary, we show how privacy services may be specified in UML use case diagrams rather than adding privacy as an afterthought to software systems and services. The tool is demonstrated with real-world scenarios from the health sector.