November 30, 2014

GVU Brown Bag Talk

estimated reading time: 1 minute and 24 seconds.

My GVU Brown Bag talk has been posted. The title for the talk was Regulatory Compliance Software Engineering. Here is the abstract:

Legal compliance is one of the most important and challenging problems in software engineering. Laws, regulations, and organizational policies codify societal values that software engineers must build into regulated systems. Methods, tools, and techniques for evaluating, establishing, or demonstrating regulatory compliance in software systems are critical for this effort. This relatively young area of research is known as Regulatory Compliance Software Engineering (RCSE).

This presentation examines RCSE research in two domains. The first domain applies traditional requirements engineering techniques to evaluate software requirements for compliance with electronic health records systems. I will begin by providing an overview of both a method for evaluating software requirements for compliance. Next, I will present our case studies examining how people actually make legal implementation readiness decisions for software requirements. The results of this work indicate that software engineers are ill-equipped to reason about regulatory compliance.

The second domain examines natural language processing as a part of the regulatory compliance process for privacy policies. I will begin with a study identifying software requirements in a set of over 2,000 privacy policies using topic modeling. This work may prove useful for both regulators and software engineers. Next, I will present our work examining how people identify and classify ambiguity in legal texts. The results of this work demonstrate the promise of natural language processing approaches to regulatory compliance software engineering.

You can watch the video on the GVU site.