Abstract

Organizational Information Systems (IS) collect, store, and manage personal and business information through web applications and services. Due to regulation laws and to protect the privacy of users, clients, and business partners, such information must be kept private. This paper proposes a privacy reference architecture that can serve as foundation for the analysis, design and development of web applications with privacy concerns. Using the proposed reference architecture, these applications can manage personal information in a more secure manner, protecting such information from different sources of privacy violation. Also, it can be used as a standardization model that facilitates system integration and communication. The architecture was evaluated regarding four key quality attributes: completeness, applicability, usability and feasibility. Results show that it brings values for the stakeholders and is an important tool in the analysis and implementation of applications with privacy protection.