There is often a misalignment between requirements for keeping data owners' information private and real data processing practices, and this can lead to violations of privacy. Specifying and implementing appropriate policies to control a user's access to a system and its resources is critical for keeping data owners' information private. Traditionally, policy specification is isolated from requirements analysis, which often results in data processing practices that are not in compliance with data owners' requirements. This thesis investigates a development scheme that integrates policy specification into requirements analysis and approach design. It suggests that, while we derive the specification from requirements analysis, we can also improve requirements and approach design through privacy preservation specification by clarifying ambiguities in the requirements and resolving inconsistencies between requirements and data processing practices. This claim is supported by the requirements analysis and specification of a purpose-based access control approach for privacy preservation. The purpose-based access control method consists of an entity of purpose, which expresses requirements for keeping personal information private from a data owner's point of view. The requirements analysis is helped by the specification of the entities, the relationships, the invariants corresponding to the requirements, and the model operations along with proof obligations of their satisfiability. That specification results in a complete purpose-based access control model in the case of an intra-organisation scenario. The development scheme has also been applied to privacy preservation in distributed collaborative environments. Distributed computing environments pose further challenges for keeping personal information private.
Design considerations are made to ensure that personal information is accessed by two or more parties only if agreed privacy policies and privacy preferences are satisfied, and to facilitate privacy policy matching and privacy preference compliance among distributed collaborative organisations. The work presented in this thesis should be of value to researchers on privacy protection methods, to whom the purpose-based access control model has been made available for privacy property verification, and to researchers on privacy specification, who will be able to incorporate specification into the requirements analysis.