Increasingly, information systems are becoming distributed and pervasive, enabling organizations to deliver services remotely to individuals and to share and store personal information, worldwide. However, systems developers face significant challenges in identifying and managing the many laws that govern their services and products in this new multi-jurisdictional environment. To address this challenge, we explore the concept of a computational requirements document expressible using a formal requirements specification language (RSL). The purpose of this document is to make requirements open and available to policy makers, business analysts and software developers, alike. We show how document authors can codify policy and law using the RSL and design, debug, analyze, trace, and visualize relationships among requirements from different policies and regulations. The RSL provides new model-based constructs for expressing multi-jurisdictional, distributed constraints and navigating a regulatory narrative and conditional surface structure. In addition, the RSL makes regulatory specification patterns visually salient and enables metrics to quantitatively measure different compositional styles for writing legal and policy documents. We discovered and validated the RSL using nine U.S. state data breach notification laws that govern transactions of financial and health information of residents of these nine states.

16 pages

*Department of Engineering and Public Policy, Carnegie Mellon University

Return to: SCS Technical Report Collection
School of Computer Science

This page maintained by reports@cs.cmu.edu