User-Centered and Privacy-Driven Process Mining System Design for IoT

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 350)

Abstract

Process mining uses event data recorded by information systems to reveal the actual execution of business processes in organizations. In doing so, event logs can expose sensitive information that may be attributed back to individuals (e.g., information on the performance of individual employees). Under the GDPR, organizations are obliged to consider privacy throughout the complete development process, which also applies to the design of process mining systems. The aim of this paper is to develop a privacy-preserving system design for process mining. The user-centered view on the system design makes it possible to track who does what, when, why, where and how with personal data. The approach is demonstrated on an IoT manufacturing use case.


Notes

  1. http://www.oasis-open.org/committees/xacml/


Author information

Correspondence to Judith Michael.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Michael, J., Koschmider, A., Mannhardt, F., Baracaldo, N., Rumpe, B. (2019). User-Centered and Privacy-Driven Process Mining System Design for IoT. In: Cappiello, C., Ruiz, M. (eds) Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, vol 350. Springer, Cham. https://doi.org/10.1007/978-3-030-21297-1_17

  • DOI: https://doi.org/10.1007/978-3-030-21297-1_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21296-4

  • Online ISBN: 978-3-030-21297-1

  • eBook Packages: Computer Science (R0)
