Identifying the Context of Data Usage to Diagnose Privacy Issues through Process Mining

Azadeh Sadat Mozafari Mehr (Corresponding author), Renata M. de Carvalho, Boudewijn van Dongen

Onderzoeksoutput: Bijdrage aan tijdschriftTijdschriftartikelAcademicpeer review

30 Downloads (Pure)

Samenvatting

In recent years, data privacy issues are increasingly concerned by organisations and gov-ernments. Organisations often define a set of rules as privacy policies for protecting sensitive data of their business. Regulations like the European General Data Protection Regulation (GDPR) added another layer of importance to data security emphasizing personal data protection, making it not only a business requirement but also a legal requirement. Existing access control mechanisms are not sufficient for data protection. They are only preventive and cannot guarantee that data is accessed for the intended purposes. This paper presents the underlying theory of a novel approach for multi-perspective conformance checking which considers the process control-flow, data and privacy perspectives simultaneously. In addition to detecting deviations in each perspective, the approach is able to detect hidden deviations where non-conformity relates to either a combination of two or all three aspects of a business process. Moreover, by reconciling the process, data and privacy aspects, it can detect spurious data access and identify privacy infringements where data have been processed for unclear or secondary purposes by an authorised role. The approach has been implemented in the open source ProM framework and was evaluated through controlled experiments using synthetic and real logs.

Originele taal-2Engels
Pagina's (van-tot)123-151
Aantal pagina's29
TijdschriftTransactions on Data Privacy
Volume16
Nummer van het tijdschrift2
StatusGepubliceerd - mei 2023

Financiering

The author has received funding within the BPR4GDPR project from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787149.

FinanciersFinanciernummer
European Union’s Horizon Europe research and innovation programme787149

    Vingerafdruk

    Duik in de onderzoeksthema's van 'Identifying the Context of Data Usage to Diagnose Privacy Issues through Process Mining'. Samen vormen ze een unieke vingerafdruk.

    Citeer dit