Data Minimisation as Privacy and Trust Instrument in Business Processes

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    47 Downloads (Pure)

    Abstract

    Data is vital for almost all sorts of business processes and workflows. However, the possession of personal data of other beings bear consequences. Data is prone to abuses through the exposure to adversaries in case of data breaches or insider’s illegitimate access and processing, hence adding to customer distrust. The data minimisation principle of the General Data Protection Regulation (GDPR), as a proactive approach, requires the collection of personal data to be limited to what is necessary for the legitimate processing purpose(s). Data degradation advocates for periodic inter-process data minimisation in a multi-process environment. In this context, we are proposing intra-process data degradation as a continuous data minimisation function during the process life. In our solution, the granularity or the information level of the process data is reduced at suitable instances in the process life to the minimum sufficient level for a successful completion of the remaining process. We devise three effective data degradation policies to realise and guide intra-process data degradation in business processes. We show through a proof-of-concept implementation the applicability of the introduced concept and the effectiveness of one of the policies. Our proposed approach intrinsically reduces privacy infringement damages which contribute to end-users trust in the processes.

    Original languageEnglish
    Title of host publicationBusiness Process Management Workshops - BPM 2020 International Workshops, 2020, Revised Selected Papers
    EditorsAdela Del Río Ortega, Henrik Leopold, Flávia Maria Santoro
    PublisherSpringer
    Pages17-29
    Number of pages13
    ISBN (Print)9783030664978
    DOIs
    Publication statusPublished - 2020
    EventInternational Workshops on Business Process Management, BPM 2020 - Seville, Spain
    Duration: 13 Sep 202018 Sep 2020

    Publication series

    NameLecture Notes in Business Information Processing
    Volume397
    ISSN (Print)1865-1348
    ISSN (Electronic)1865-1356

    Conference

    ConferenceInternational Workshops on Business Process Management, BPM 2020
    CountrySpain
    CitySeville
    Period13/09/2018/09/20

    Keywords

    • Business intelligence
    • Data minimisation
    • Data degradation
    • General Data Protection Regulation
    • Intra-process data degradation

    Fingerprint

    Dive into the research topics of 'Data Minimisation as Privacy and Trust Instrument in Business Processes'. Together they form a unique fingerprint.

    Cite this