Requirements Engineering for Privacy, Security and Compliance in Data Science Research Projects

This research addresses the privacy, security, and compliance challenges faced by university researchers and ethics review boards when working on data science projects. Due to the emergent properties of big data, researchers regularly re-evaluate and modify their goals. These changes must be reflected in the project's governing documents, including research protocols, consent forms, privacy and security policies, and data-use agreements. These documents must be consistent, must cater to diverse and sometimes conflicting stakeholder needs, must be compliant in a complex regulatory landscape, and must ensure the privacy and security of research participants. Consistent involvement by a privacy and security expert in every research project, although effective, is not a feasible solution. The goal of this project is to explore whether requirements engineering can be leveraged as a potential solution to these challenges. Requirements engineering can not only help align stakeholder goals with a project's governing documents but can be used to develop tools to enable researchers and ethics review boards to better address privacy, security and compliance in research protocols.