Privacy Facets (PriF)

Keerthi Thomas, Arosha K. Bandara, Blaine A. Price1 and Bashar Nuseibeh propose a process (Requirement distillation) and a framework (PriF) as a way to capture the privacy related requirements for a mobile application development.

Requirements distillation process

The requirements distillation process consists of three main phases: “Structuring of the Qualitative Data”, “Information Flow Modelling” and “Privacy Problem Analysis”.

Privacy Facets Framework

Privacy Facets framework


Structuring Qualitative Data: Use Privacy Facets (PriF) framework to structure the qualitative data. The outcome is a set of predefined codes adapted to the identification of privacy-sensitive contexts. The result of completing this phase is a set of Privacy or Threats Concerns from the users.

Information Flow Modeling: In the second phase, the  problem models of information-flows are developed. That is done based on the information-flow problem patterns, which are provided in the PriF framework. These problem models capture the way the information is created and disseminated to other users.

The privacy problem analysis: To elaborate a list of the privacy requirements, the privacy-sensitive context and its privacy threats or concerns are analysed with the information-flow models.

Privacy Facets

The Privacy Facets is a framework that provides:

  • analytical tools such as thematic codes, heuristics, facet questions and extraction rules to structure qualitative data
  • information-flow problem patterns and privacy arguments language to model privacy requirements.

To obtain those assets, the system analyst should structure the qualitative data of the system from the first phase of the process by using some heuristic based categories, for example:

  • Negative Behaviour Patterns (NBP): Situations in which the user chooses not to use an application because of privacy concerns.
  • Negative Emotional Indicators (NEI): These are keywords that indicate that the user might have some concerns about the privacy when using the application.
K. Thomas, A. K. Bandara, B. A. Price, and B. Nuseibeh, “Distilling privacy requirements for mobile applications,” in Proceedings of the 36th International Conference on Software Engineering, 2014, pp. 871–882.

Fair Information Practices (FIPS)

The Fair Information Practice Principles (FIPPs) proposed by the Federal Trade Commission (FTC) are the result of an enquiry to promote the adequate handling of personal information in information systems.


1. Notice/Awareness: Subjects should be given notice of the collection of personal information from them before it takes place.

2. Choice/Consent: Subjects should be given the choice of cancelling the collection of their personal information.

3. Access/Participation: Subjects should be allowed to access their personal information that has been collected.

4. Integrity/Security Information collectors should ensure that the information they collect is accurate and secure.

5. Enforcement/Redress: In order to ensure that the Fair Information Practice Principles are applied, there must be enforcement measures available to the Subjects.


More information: