Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law
Recent laws to ensure the security and protection of personal data establish new software requirements. Consequently, new technologies are needed to guarantee software quality under the perception of privacy and protection of personal data. Therefore, we created a checklist-based inspection technique (LGPDCheck) to support the identification of defects in software artifacts based on the principles established by the Brazilian General Data Protection Law (LGPD). Objective/Aim: To evaluate the effectiveness and efficiency of LGPDCheck for verifying privacy and data protection (PDP) in software artifacts compared to ad-hoc techniques. Method: To assess LGPDCheck and ad-hoc techniques experimentally through a quasi-experiment (two factors, five treatments). The data will be collected from IoT-based health software systems built by software engineering students from the Federal University of Rio de Janeiro. The data analyses will compare results from ad-hoc and LGPDCheck inspections, the participant’s effectiveness and efficiency in each trial, defects’ variance and standard deviation, and time spent with the reviews. The data will be screened for outliers, and normality and homoscedasticity will be verified using the Shapiro-Wilk and Levene tests. Nonparametric or parametric tests, such as the Wilcoxon or Student’s t-tests, will be applied as appropriate.