Understanding the nature of privacy regulation is a challenge that requirements engineers face when building software systems in financial, healthcare, government, or other sensitive industries. Requirements engineers have begun to model privacy requirements based on taxonomic classifications of privacy. Independently, legal research has modeled privacy harms in a taxonomic fashion. In this paper, we compare a requirements engineering taxonomy of privacy protections and vulnerabilities to a legal taxonomy of privacy harms. We seek to determine the extent to which the concepts and terminology are consistent between the two taxonomies. A consistent, standard vocabulary for privacy concepts for both requirements engineers and lawyers will improve the common understanding of privacy concepts, legal traceability and compliance auditing. We conclude that the taxonomies we analyzed are reasonably compatible. We believe this compatibility indicates that a taxonomic understanding of privacy is a promising area of research for requirements engineers.