Table of Contents
Fetching ...

Privacy and Confidentiality Requirements Engineering for Process Data

Fabian Haertel, Juergen Mangler, Nataliia Klievtsova, Celine Mader, Eugen Rigger, Stefanie Rinderle-Ma

TL;DR

This paper tackles confidentiality challenges in process mining beyond personal data by introducing the Privacy and Confidentiality Engineering Method (PCRE), a seven-phase, stakeholder-driven framework for eliciting privacy and confidentiality requirements from process data and mapping them to privacy-preserving actions. PCRE is designed to be generic and applicable across domains, capable of informing anonymization, pseudonymization, or data suppression while balancing utility loss with privacy protection. The method is evaluated through multi-site interviews in manufacturing and healthcare contexts, applied to manufacturing scenarios and an ideation process, and refined through workshops that validate anonymization strategies. The results demonstrate how PCRE can identify sensitive metadata, data-element dependencies, and actionable anonymization plans, enabling the publication or sharing of process logs with confidentiality assurances while preserving usable analytics.

Abstract

The application and development of process mining techniques face significant challenges due to the lack of publicly available real-life event logs. One reason for companies to abstain from sharing their data are privacy and confidentiality concerns. Privacy concerns refer to personal data as specified in the GDPR and have been addressed in existing work by providing privacy-preserving techniques for event logs. However, the concept of confidentiality in event logs not pertaining to individuals remains unclear, although they might contain a multitude of sensitive business data. This work addresses confidentiality of process data based on the privacy and confidentiality engineering method (PCRE). PCRE interactively explores privacy and confidentiality requirements regarding process data with different stakeholders and defines privacy-preserving actions to address possible concerns. We co-construct and evaluate PCRE based on structured interviews with process analysts in two manufacturing companies. PCRE is generic, hence applicable in different application domains. The goal is to systematically scrutinize process data and balance the trade-off between privacy and utility loss.

Privacy and Confidentiality Requirements Engineering for Process Data

TL;DR

This paper tackles confidentiality challenges in process mining beyond personal data by introducing the Privacy and Confidentiality Engineering Method (PCRE), a seven-phase, stakeholder-driven framework for eliciting privacy and confidentiality requirements from process data and mapping them to privacy-preserving actions. PCRE is designed to be generic and applicable across domains, capable of informing anonymization, pseudonymization, or data suppression while balancing utility loss with privacy protection. The method is evaluated through multi-site interviews in manufacturing and healthcare contexts, applied to manufacturing scenarios and an ideation process, and refined through workshops that validate anonymization strategies. The results demonstrate how PCRE can identify sensitive metadata, data-element dependencies, and actionable anonymization plans, enabling the publication or sharing of process logs with confidentiality assurances while preserving usable analytics.

Abstract

The application and development of process mining techniques face significant challenges due to the lack of publicly available real-life event logs. One reason for companies to abstain from sharing their data are privacy and confidentiality concerns. Privacy concerns refer to personal data as specified in the GDPR and have been addressed in existing work by providing privacy-preserving techniques for event logs. However, the concept of confidentiality in event logs not pertaining to individuals remains unclear, although they might contain a multitude of sensitive business data. This work addresses confidentiality of process data based on the privacy and confidentiality engineering method (PCRE). PCRE interactively explores privacy and confidentiality requirements regarding process data with different stakeholders and defines privacy-preserving actions to address possible concerns. We co-construct and evaluate PCRE based on structured interviews with process analysts in two manufacturing companies. PCRE is generic, hence applicable in different application domains. The goal is to systematically scrutinize process data and balance the trade-off between privacy and utility loss.
Paper Structure (5 sections, 3 figures, 5 tables)

This paper contains 5 sections, 3 figures, 5 tables.

Figures (3)

  • Figure 1: PCRE Method (modeled as BPMN process using SAP Signavio)
  • Figure 2: Process With Data Dependencies
  • Figure 3: Excerpt of Results of Phase 4 in Controlled Experiment