With the increase in the number of privacy regulations, small development teams are forced to make privacy decisions on their own. In this paper, we conduct a mixed-method survey study, including statistical and qualitative analysis, to evaluate the privacy perceptions, practices, and knowledge of members involved in various phases of the Software Development Life Cycle (SDLC). Our survey includes 362 participants from 23 countries, encompassing roles such as product managers, developers, and testers. Our results show diverse definitions of privacy across SDLC roles, emphasizing the need for a holistic privacy approach throughout SDLC. We find that software teams, regardless of their region, are less familiar with privacy concepts (such as anonymization), relying on self-teaching and forums. Most participants are more familiar with GDPR and HIPAA than other regulations, with multi-jurisdictional compliance being their primary concern. Our results advocate the need for role-dependent solutions to address the privacy challenges, and we highlight research directions and educational takeaways to help improve privacy-aware SDLC.

翻译：随着隐私法规数量的增加，小型开发团队被迫自行做出隐私决策。本文采用混合方法开展调查研究，包括统计与定性分析，以评估参与软件开发生命周期各阶段成员的隐私认知、实践与知识。我们的调查涵盖来自23个国家的362名参与者，包括产品经理、开发人员和测试人员等角色。研究结果表明，不同SDLC角色对隐私的定义存在差异，这凸显了在整个SDLC中采用整体性隐私方法的必要性。我们发现，无论所处地域，软件团队对隐私概念（如匿名化）的熟悉程度较低，主要依赖自学和论坛获取知识。大多数参与者对GDPR和HIPAA的熟悉程度高于其他法规，跨司法管辖区的合规性是他们关注的主要问题。我们的研究结果主张需要针对不同角色制定解决方案以应对隐私挑战，并提出了研究方向与教育启示，以帮助改进具备隐私意识的SDLC。