Data Minimisation as Privacy and Trust Instrument in Business Processes

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

9 Downloads (Pure)

Abstract

Data is vital for almost all sorts of business processes and workflows. However, the possession of personal data of other beings bear consequences. Data is prone to abuses through the exposure to adversaries in case of data breaches or insider's illegitimate access and processing, hence adding to customer distrust. The data minimisation principle of the General Data Protection Regulation (GDPR), as a proactive approach, requires the collection of personal data to be limited to what is necessary for the legitimate processing purpose(s). Data degradation advocates for periodic inter-process data minimisation in a multi-process environment. In this context, we are proposing intra-process data degradation as a continuous data minimisation function during the process life. In our solution, the granularity or the information level of the process data is reduced at suitable instances in the process life to the minimum sufficient level for a successful completion of the remaining process. We devise three effective data degradation policies to realise and guide intra-process data degradation in business processes. We show through a proof-of-concept implementation the applicability of the introduced concept and the effectiveness of one of the policies. Our proposed approach intrinsically reduces privacy infringement damages which contribute to end-users trust in the processes.
Original languageEnglish
Title of host publicationBusiness Process Management Workshops (BPM 2020)
PublisherSpringer
Publication statusAccepted/In press - 2020
Event18th International Conference on Business Process Management (BPM2020) - fully virtual conference, Sevilla, Spain
Duration: 13 Sep 202018 Sep 2020

Conference

Conference18th International Conference on Business Process Management (BPM2020)
Abbreviated titleBPM 2020
CountrySpain
CitySevilla
Period13/09/2018/09/20

Keywords

  • Business intelligence
  • Data minimisation
  • Data degradation
  • General Data Protection Regulation
  • Intra-process data degradation

Fingerprint Dive into the research topics of 'Data Minimisation as Privacy and Trust Instrument in Business Processes'. Together they form a unique fingerprint.

  • Cite this

    Zaman, R., Hassani, M., & van Dongen, B. F. (Accepted/In press). Data Minimisation as Privacy and Trust Instrument in Business Processes. In Business Process Management Workshops (BPM 2020) Springer.