Empirical Software Engineering

, Volume 23, Issue 1, pp 259–289 | Cite as

Privacy by designers: software developers’ privacy mindset

  • Irit HadarEmail author
  • Tomer Hasson
  • Oshrat Ayalon
  • Eran Toch
  • Michael Birnhack
  • Sofia Sherman
  • Arod Balissa


Privacy by design (PbD) is a policy measure that guides software developers to apply inherent solutions to achieve better privacy protection. For PbD to be a viable option, it is important to understand developers’ perceptions, interpretation and practices as to informational privacy (or data protection). To this end, we conducted in-depth interviews with 27 developers from different domains, who practice software design. Grounded analysis of the data revealed an interplay between several different forces affecting the way in which developers handle privacy concerns. Borrowing the schema of Social Cognitive Theory (SCT), we classified and analyzed the cognitive, organizational and behavioral factors that play a role in developers’ privacy decision making. Our findings indicate that developers use the vocabulary of data security to approach privacy challenges, and that this vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization; that organizational privacy climate is a powerful means for organizations to guide developers toward particular practices of privacy; and that software architectural patterns frame privacy solutions that are used throughout the development process, possibly explaining developers’ preference of policy-based solutions to architectural solutions. Further, we show, through the use of the SCT schema for framing the findings of this study, how a theoretical model of the factors that influence developers’ privacy practices can be conceptualized and used as a guide for future research toward effective implementation of PbD.


Data protection Privacy Privacy by design Qualitative research Grounded analysis Social cognitive theory Organizational climate 



We acknowledge the support of the Israel Science Foundation, Grant 1116/12.


  1. Ackerman MS, Cranor LF, Reagle J (1999) Privacy in e-commerce: examining user scenarios and privacy preferences. Proceedings of the 1st ACM conference on electronic commerce, DenverGoogle Scholar
  2. Ammori M, Pelican L (2013) Media diversity and online advertising. Alb L Rev 76:665–696Google Scholar
  3. Argyris C (1960) Understanding organizational behavior. The Dorsey Press, Oxford, EnglandGoogle Scholar
  4. Awad NF, Krishnan MS (2006) The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Q 30:13–28Google Scholar
  5. Ayalon O, Toch E (2013) Retrospective privacy: managing longitudinal privacy in online social networks. Proceedings of the Ninth Symposium on Usable Privacy and SecurityGoogle Scholar
  6. Balebako, R., Marsh, A., Lin, J., Hong, J., Cranor, L. F. (2014) The privacy and security behaviors of smartphone app developers. Workshop on Usable Security (USEC 2014), San Diego, 2014Google Scholar
  7. Bamberger KA, Mulligan DK (2010) Privacy on the books and on the ground. Stanford Law Rev 63:247Google Scholar
  8. Bamberger KA, Mulligan DK (2013) Privacy in Europe: initial data on governance choices and corporate practices. Geo Wash L Rev 81:1529–1755Google Scholar
  9. Bandura A (1986) Social foundations of thought and action: a social cognitive theory. Prentice-Hall, Englewood CliffsGoogle Scholar
  10. Bartels KK, Harrick E, Martell K, Strickland D (1998) The relationship between ethical climate and ethical problems within human resource management. J Bus Ethics 17(7):799–804CrossRefGoogle Scholar
  11. Berente N, Yoo Y (2012) Institutional contradictions and loose coupling: Postimplementation of NASA’s enterprise information system. Inf Syst Res 23(2):376–396CrossRefGoogle Scholar
  12. Birnhack M, Elkin-Koren N (2011) Does law matter online? Empirical evidence on privacy law compliance. Michigan Telecommun Technol Law Rev 17:337Google Scholar
  13. Birnhack M, Toch E, Hadar I (2014) Privacy mindset, technological mindset. Jurimetrics 55:55–114Google Scholar
  14. Brown R, Holmes H (1986) The use of a factor-analytic procedure for assessing the validity of an employee safety climate model. Accid Anal Prev 18(6):455–470CrossRefGoogle Scholar
  15. Budi, A., Lo, D., Jiang, L., Lucia (2011) Kb-anonymity: a model for anonymized behaviour-preserving test and debugging data. PLDI 2011: 447–457Google Scholar
  16. Castro M, Costa M, Martin JP (2008) Better bug reporting with better privacy. ACM Sigplan Notices 43(3):319–328CrossRefGoogle Scholar
  17. Cavoukian A (2009) Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, TorontoGoogle Scholar
  18. Cavoukian A (2011) Privacy by design: origins, meaning, and prospects. Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards Information Science Reference (an imprint of IGI Global)Google Scholar
  19. Cavoukian, A., Chibba, M., Stoianov, A., Marinelli, T., Peltsch, K., Chabanne, H., Despiegel, V. (2014) Facial recognition with biometric encryption in match-on-card architecture for gaming and other computer applications. eBook, York University, TorontoGoogle Scholar
  20. Chan YE (2000) IT value: the great divide between qualitative and quantitative and individual and organizational measures. J Manag Inf Syst 16(4):225–261CrossRefGoogle Scholar
  21. Cooper MD, Phillips RA (2004) Exploratory analysis of the safety climate and safety behavior relationship. J Saf Res 35(5):497–512CrossRefGoogle Scholar
  22. Culnan MJ, Williams CC (2009) How ethics can enhance organizational privacy: lessons from the ChoicePoint and TJX data breaches. Manag Inf Syst Q 33(4):673–687CrossRefGoogle Scholar
  23. Dennedy MF, Fox J, Finneran T (2014) The privacy engineer’s manifesto: getting from policy to code to QA to value. Apress, BerkeleyCrossRefGoogle Scholar
  24. Deshpande SP (1996) Ethical climate and the link between success and ethical behavior: an empirical investigation of a non-profit organization. J Bus Ethics 15(3):315–320CrossRefGoogle Scholar
  25. Dinev T, Hart P (2006) An extended privacy calculus model for e-commerce transactions. Inf Syst Res 17(1):61–80CrossRefGoogle Scholar
  26. Eisenberger R, Fasolo P, Davis-LaMastro V (1990) Perceived organizational support and employee diligence, commitment, and innovation. J Appl Psychol 75(1):51CrossRefGoogle Scholar
  27. Fienberg SE (2006) Privacy and confidentiality in an e-commerce world: data mining, data warehousing, matching and disclosure limitation. Stat Sci 21(2):143–154MathSciNetCrossRefzbMATHGoogle Scholar
  28. Friedman B, Kahn Jr PH, Borning A (2006) Value sensitive design and information systems. In: Human-Computer Interaction in Management Information Systems, M.E. S Sharpe Inc., pp 348–372Google Scholar
  29. FTC (2012) Protecting consumer privacy in an era of rapid change: recommendations for businesses and policymakers. FTC Privacy ReportGoogle Scholar
  30. GDPR (2012) European Commission, Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Accessed 14 Apr 2017
  31. Gellman R (2013) Fair informaiton practices: a basic history Accessed 16 Aug 2013
  32. Gershon RR, Karkashian CD, Grosch JW, Murphy LR, Escamilla-Cejudo A, Flanagan PA, Martin L (2000) Hospital safety climate and its relationship with safe work practices and workplace exposure incidents. Am J Infect Control 28(3):211–221CrossRefGoogle Scholar
  33. Gimeno D, Felknor S, Burau K, Delclos G (2005) Organisational and occupational risk factors associated with work related injuries among public hospital employees in Costa Rica. Occup Environ Med 62(5):337–343CrossRefGoogle Scholar
  34. Grechanik M, Csallner C, Fu C, Xie Q (2010) Is data privacy always good for software testing? In: 2010 I.E. 21st International Symposium on Software Reliability Engineering, IEEE, pp 368–377Google Scholar
  35. Grosch JW, Gershon RR, Murphy LR, DeJoy DM (1999) Safety climate dimensions associated with occupational exposure to blood-borne pathogens in nurses. Am J Ind Med 36(S1):122–124CrossRefGoogle Scholar
  36. Gross R, Acquisti A (2005) Information revelation and privacy in online social networks. Proceedings of the 2005 ACM workshop on privacy in the electronic society, AlexandriaGoogle Scholar
  37. Gürses S, Gonzalez Troncoso C, Diaz C (2011) Engineering privacy by design. Comput, Priv Data Prot 14(3)Google Scholar
  38. Jain S, Lindqvist J (2014) Should I protect you? Understanding developers’ behavior to privacy-preserving APIs. Workshop on Usable Security (USEC’14)Google Scholar
  39. Jaramillo F, Mulki JP, Boles JS (2013) Bringing meaning to the sales job: the effect of ethical climate and customer demandingness. J Bus Res 66(11):2301–2307CrossRefGoogle Scholar
  40. Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3):241–255CrossRefGoogle Scholar
  41. Lacity MC, Janson MA (1994) Understanding qualitative data: a framework of text analysis methods. J Manag Inf Syst 11:137–155CrossRefGoogle Scholar
  42. Lahlou S, Langheinrich M, Röcker C (2005) Privacy and trust issues with invisible computers. Commun ACM 48(3):59–60CrossRefGoogle Scholar
  43. Langheinrich M (2001) Privacy by design—principles of privacy-aware ubiquitous systems. International conference on ubiquitous computing. Springer, Berlin, HeidelbergzbMATHGoogle Scholar
  44. Lucia, Lo D, Jiang L, Budi A (2012) kbe-anonymity: test data anonymization for evolving programs. In: 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, Essen, 2012, pp 262–265Google Scholar
  45. Luria G (2008) Controlling for quality: climate, leadership, and behavior. Quality Manangement Jounral 15(1):27–40Google Scholar
  46. Madejski M, Johnson ML, Bellovin SM (2011) The failure of online social network privacy settings. Department of Computer Science, Columbia University, tech. Rep. CUCS-010-11Google Scholar
  47. Mathew A, Cheshire C (2017) Risky business: social trust and community in the practice of cybersecurity for internet infrastructure. In: Proceedings of the 50th Hawaii International Conference on System SciencesGoogle Scholar
  48. Mohamed S (2002) Safety climate in construction site environments. J Constr Eng Manag 128(5):375–384CrossRefGoogle Scholar
  49. Myers MD (1997) Qualitative research in information systems. MIS Q 21:241–242CrossRefGoogle Scholar
  50. Myers MD, Newman M (2007) The qualitative interview in IS research: examining the craft. Inf Organ 17:2–26CrossRefGoogle Scholar
  51. Nicholson N, Johns G (1985) The absence culture and psychological contract—who's in control of absence? Acad Manag Rev 10(3):397–407Google Scholar
  52. Ohm P (2010) Broken promises of privacy: responding to the surprising failure of anonymization. UCLA Law Review 57:1701Google Scholar
  53. Omoronyia I, Cacallaro L, Salehie M, Pasqualie L, Nuseibeh B (2013) Engineering adaptive privacy: on the role of privacy awareness requirements. Proceedings of the 2013 International Conference on Software Engineering. IEEE Press, 2013Google Scholar
  54. Ozer NA (2012) Putting online privacy above the fold: building a social movement and creating corporate change. NYU Rev L & Soc Change 36:215Google Scholar
  55. Peters F, Menzies T (2012) Privacy and utility for defect prediction: experiments with MORPH. ICSE 2012:189–199Google Scholar
  56. Peters F, Menzies T, Gong L, Zhang H (2013) Balancing privacy and utility in cross-company defect prediction. IEEE Trans Softw Eng 39(8):1054–1106CrossRefGoogle Scholar
  57. Reay, I., Dick, S., Miller, J. (2009) A large-scale empirical study of P3P privacy policies: stated actions vs. legal obligations. ACM transactions on the web (TWEB), 3(2), 6Google Scholar
  58. Resnick ML, Montania R (2003) Perceptions of customer service, information privacy, and product quality from semiotic design features in an online web store. International Journal of Human-Computer Interaction 16(2):211–234CrossRefGoogle Scholar
  59. Rubinstein IS, Good N (2013) Privacy by design: a counterfactual analysis of Google and Facebook privacy incidents. Berkeley Tech LJ 28:1333–1583Google Scholar
  60. Sánchez Abril P, Levin A, Del Riego A (2012) Blurred boundaries: social media privacy and the twenty-first-century employee. American Business Law Journal 49(1):63–124CrossRefGoogle Scholar
  61. Schneider B, Ehrhart MG, Macey WH (2013) Organizational climate and culture. Annu Rev Psychol 64:361–388CrossRefGoogle Scholar
  62. Schneider B, González-Romá V, Ostroff C, West MA (2016) Organizational climate and culture: reflections on the history of the constructs in Journal of Applied Psychology. J Appl Psychol 102(3):468Google Scholar
  63. Seaman CB (1999) Qualitative methods in empirical studies of software engineering. IEEE Trans Softw Eng 25(4):557–572CrossRefGoogle Scholar
  64. Shaw TR (2003) The moral intensity of privacy: an empirical study of webmaster' attitudes. J Bus Ethics 46(4):301–318CrossRefGoogle Scholar
  65. Sheth S, Kaiser G, Maalej W (2014) Us and them: a study of privacy requirements across North America, Asia, and Europe. Proceedings of the 36th International Conference on Software Engineering. ACM, 2014Google Scholar
  66. Siu O-L, Phillips DR, Leung TW (2004) Safety climate and safety performance among construction workers in Hong Kong: the role of psychological strains as mediators. Accid Anal Prev 36(3):359–366CrossRefGoogle Scholar
  67. Smith HJ, Dinev T, Xu H (2011) Information privacy research: an interdisciplinary review. MIS Q 35(4):989–1016CrossRefGoogle Scholar
  68. Spiekermann S, Cranor LF (2009) Engineering privacy. IEEE Trans Softw Eng 35(1):67–82CrossRefGoogle Scholar
  69. Spreitzer GM (2008) Taking stock: a review of more than twenty years of research on empowerment at work. In: Handbook of organizational behavior. Sage, Thousand Oaks, pp 54–72Google Scholar
  70. Stamper R, Liu K, Hafkamp M, Ades Y (2000) Understanding the roles of signs and norms in organizations-a semiotic approach to information systems design. Behav Inform Technol 19(1):15–27CrossRefGoogle Scholar
  71. Strauss A, Corbin J (1990) Basics of |qualitative research. Sage publications, Newbury ParkGoogle Scholar
  72. Strauss A, Corbin J (1994) Grounded theory methodology: an overview. In: Denzin NK, Lincoln YS (eds) Handbook of qualitative research. Sage, Thousand Oaks, pp 273–285Google Scholar
  73. Strauss A, Corbin J (1998) Basics of qualitative research: techniques and procedures for developing grounded theory. Sage Publications, Thousand OaksGoogle Scholar
  74. Stutzman F, Gross R, Acquisti A (2013) Silent listeners: the evolution of privacy and disclosure on Facebook. Journal of Privacy and Confidentiality 4(2):2Google Scholar
  75. Suddaby R (2006) From the editors: what grounded theory is not. Acad Manag J 49(4):633–642CrossRefGoogle Scholar
  76. Székely I (2013) What do IT professionals think about surveillance? Internet and surveillance: the challenges of web 2.0 and social media, 16, 198Google Scholar
  77. Taneja K, Grechanik M, Ghani R, Xie T (2011) Testing software in age of data privacy: a balancing act. Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European conference on foundations of software engineering, ACM, pp 201–211Google Scholar
  78. Tene O, Polonetsky J (2013) Big data for all: privacy and user control in the age of analytics. Northwest J Technol Intellect Prop 11(5):1Google Scholar
  79. Thomas K, Bandara AK, Price BA, Nuseibeh B (2014) Distilling privacy requirements for mobile applications. Proceedings of the 36th International conference on software engineering. ACM, 2014Google Scholar
  80. Toch E, Wang Y, Cranor LF (2012) Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems. User Model User-Adap Inter 22(1–2):203–220CrossRefGoogle Scholar
  81. Tsai MT, Cheng NC (2010) Programmer perceptions of knoweldge-sharing behavior under social cognitive theory. Expert Syst Appl 37(12):8479–8485CrossRefGoogle Scholar
  82. U.S. Dept. of Helath, Education & Welfare (1973) Record computers and the rights of citizens. REp. of Sec'y Advisory Comm. on Automated Pers. Data Sys. 41 (1973).
  83. Van Der Sype YS, Maalej W (2014) On lawful disclosure of personal user data: what should app developers do? 7th International Workshop on Requirements Engineering and Law (RELAW), IEEE 2014Google Scholar
  84. van Lieshout M, Kool L, van Schoonhoven B, de Jonge M (2011) Privacy by design: an alternative to existing practice in safeguarding privacy. Info 13(6):55–68CrossRefGoogle Scholar
  85. van Rest, J., Boonstra, D., Everts, M., van Rijn, M., van Paassen, R. (2014) Designing privacy-by-design. Privacy Technologies and Policy, Springer Berlin, HeidelbergGoogle Scholar
  86. Varonen U, Mattila M (2000) The safety climate and its relationship to safety practices, safety of the work environment and occupational accidents in eight wood-processing companies. Accid Anal Prev 32(6):761–769CrossRefGoogle Scholar
  87. Walsham G (2006) Doing interpretive research. Eur J Inf Syst 15(3):320–330CrossRefGoogle Scholar
  88. Wimbush JC, Shepard JM (1994) Toward an understanding of ethical climate: its relationship to ethical behavior and supervisory influence. J Bus Ethics 13(8):637–647CrossRefGoogle Scholar
  89. Wood R, Banduar A (1989) Social cognitive theory of organizational management. Acad Manag Rev 14(3):361–384Google Scholar
  90. Zohar D (1980) Safety climate in industrial organizations: theoretical and applied implications. J Appl Psychol 65:96–102CrossRefGoogle Scholar
  91. Zohar D (2000) A group-level model of safety climate: testing the effect of group climate on microaccidents in manufacturing jobs. J Appl Psychol 85(4):587CrossRefGoogle Scholar
  92. Zohar D, Luria G (2005) A multilevel model of safety climate: cross-level relationships between organization and group-level climates. J Appl Psychol 90(4):616–628Google Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  • Irit Hadar
    • 1
    Email author
  • Tomer Hasson
    • 1
  • Oshrat Ayalon
    • 2
  • Eran Toch
    • 2
  • Michael Birnhack
    • 3
  • Sofia Sherman
    • 1
  • Arod Balissa
    • 3
  1. 1.Department of Information SystemsUniversity of HaifaHaifaIsrael
  2. 2.Faculty of EngineeringTel Aviv UniversityTel AvivIsrael
  3. 3.Faculty of LawTel Aviv UniversityTel AvivIsrael

Personalised recommendations