Samenvatting
In recent years, data privacy issues are increasingly concerned by organisations and gov-ernments. Organisations often define a set of rules as privacy policies for protecting sensitive data of their business. Regulations like the European General Data Protection Regulation (GDPR) added another layer of importance to data security emphasizing personal data protection, making it not only a business requirement but also a legal requirement. Existing access control mechanisms are not sufficient for data protection. They are only preventive and cannot guarantee that data is accessed for the intended purposes. This paper presents the underlying theory of a novel approach for multi-perspective conformance checking which considers the process control-flow, data and privacy perspectives simultaneously. In addition to detecting deviations in each perspective, the approach is able to detect hidden deviations where non-conformity relates to either a combination of two or all three aspects of a business process. Moreover, by reconciling the process, data and privacy aspects, it can detect spurious data access and identify privacy infringements where data have been processed for unclear or secondary purposes by an authorised role. The approach has been implemented in the open source ProM framework and was evaluated through controlled experiments using synthetic and real logs.
Originele taal-2 | Engels |
---|---|
Pagina's (van-tot) | 123-151 |
Aantal pagina's | 29 |
Tijdschrift | Transactions on Data Privacy |
Volume | 16 |
Nummer van het tijdschrift | 2 |
Status | Gepubliceerd - mei 2023 |
Financiering
The author has received funding within the BPR4GDPR project from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787149.
Financiers | Financiernummer |
---|---|
European Union’s Horizon Europe research and innovation programme | 787149 |