Analyzing Website Privacy Requirements Using a Privacy Goal Taxonomy

Privacy has recently become a prominent issue in the context of electronic commerce websites. Increasingly, privacy policies posted on such websites are receiving considerable attention from the government and consumers. We have used goal-mining, to extract prerequirements goals from post-requirements text artifacts, as a technique for analyzing privacy policies. The identified goals are useful for analyzing implicit internal conflicts within privacy policies and conflicts with the corresponding websites and their manner of operation. These goals can be used to reconstruct the implicit requirements met by the privacy policies. This paper interrelates privacy policy and requirements for websites; it introduces a privacy goal taxonomy and reports the analysis of 23 Internet privacy policies for companies in three health care industries: pharmaceutical, health insurance and online drugstores. The evaluated taxonomy provides a valuable framework for requirements engineering practitioners, policy makers and regulatory bodies, and also benefits website users.