Skip to main content
SpringerLink
Log in

Data Minimisation as Privacy and Trust Instrument in Business Processes

  • Conference paper
  • First Online:
Business Process Management Workshops (BPM 2020)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 397))

Included in the following conference series:

  • 1219 Accesses

Abstract

Data is vital for almost all sorts of business processes and workflows. However, the possession of personal data of other beings bear consequences. Data is prone to abuses through the exposure to adversaries in case of data breaches or insider’s illegitimate access and processing, hence adding to customer distrust. The data minimisation principle of the General Data Protection Regulation (GDPR), as a proactive approach, requires the collection of personal data to be limited to what is necessary for the legitimate processing purpose(s). Data degradation advocates for periodic inter-process data minimisation in a multi-process environment. In this context, we are proposing intra-process data degradation as a continuous data minimisation function during the process life. In our solution, the granularity or the information level of the process data is reduced at suitable instances in the process life to the minimum sufficient level for a successful completion of the remaining process. We devise three effective data degradation policies to realise and guide intra-process data degradation in business processes. We show through a proof-of-concept implementation the applicability of the introduced concept and the effectiveness of one of the policies. Our proposed approach intrinsically reduces privacy infringement damages which contribute to end-users trust in the processes.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    www.thesun.co.uk/money/11657383/easyjet-hacked-cyber-attack-customer-data.

  2. 2.

    https://www.compliancehome.com/dutch-dpa-gdpr-fine-haga-hospital.

  3. 3.

    www.egnyte.com/blog/2017/06/how-much-does-a-data-breach-cost-a-business.

  4. 4.

    https://www.camunda.com.

  5. 5.

    https://surfdrive.surf.nl/files/index.php/s/E7mU4UQCLffmyoQ.

References

  1. BPR4GDPR EU H2020 Project. https://www.bpr4gdpr.eu

  2. Agostinelli, S., Maggi, F.M., Marrella, A., Sapio, F.: Achieving GDPR compliance of BPMN process models. In: International Conference on AISE, pp. 10–22 (2019)

    Google Scholar 

  3. Anciaux, N., Bouganim, L., Van Heerde, H., Pucheral, P., Apers, P.: The life-cycle policy model. Rapport de recherche (2008)

    Google Scholar 

  4. Anciaux, N., Bouganim, L., Van Heerde, H., Pucheral, P., Apers, P.M.: Data degradation: Making private data less sensitive over time. In: Proceedings CIKM 2008, pp. 1401–1402 (2008)

    Google Scholar 

  5. Anciaux, N., Bouganim, L., Van Heerde, H., Pucheral, P., Apers, P.M.: Instantdb: enforcing timely degradation of sensitive data. In: ICDE, pp. 1373–1375 (2008)

    Google Scholar 

  6. Geambasu, R., Kohno, T., Levy, A.A., Levy, H.M.: Vanish: increasing data privacy with self-destructing data. In: USENIX, vol. 316 (2009)

    Google Scholar 

  7. Hassani, M.: Concept drift detection of event streams using an adaptive window. In: International ECMS Conference on Modelling and Simulation, pp. 230–239 (2019)

    Google Scholar 

  8. Hassani, M.: Overview of efficient clustering methods for high-dimensional big data streams. In: Nasraoui, O., Ben N’Cir, C.-E. (eds.) Clustering Methods for Big Data Analytics. USL, pp. 25–42. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-97864-2_2

    Chapter  Google Scholar 

  9. van Heerde, H., Anciaux, N., Fokkinga, M., Apers, P.M.: Exploring personalized life cycle policies. CTIT Technical Report Ser. (Supplement/TR-CTIT-07-85) (2007)

    Google Scholar 

  10. Hilderman, R.J., Hamilton, H.J., Cercone, N.: Data mining in large databases using domain generalization graphs. JIIS 13(3), 195–234 (1999)

    Google Scholar 

  11. Pearson, S., Casassa-Mont, M.: Sticky policies: an approach for managing privacy across multiple parties. Computer 44(9), 60–68 (2011)

    Article  Google Scholar 

  12. Rosemann, M.: Trust-aware process design. In: BPM, pp. 305–321 (2019)

    Google Scholar 

  13. Samarati, P.: Protecting respondents identities in microdata release. IEEE TKDE 13(6), 1010–1027 (2001)

    Google Scholar 

  14. Terragni, A., Hassani, M.: Optimizing customer journey using process mining and sequence-aware recommendation. In: SAC 2019, pp. 57–65 (2019)

    Google Scholar 

  15. Zaman, R., Hassani, M.: On enabling GDPR compliance in business processes through data-driven solutions. SN Computer Science 1(4), 1–15 (2020)

    Article  Google Scholar 

Download references

Acknowledgments

The authors of the paper have received funding within the BPR4GDPR [1] project from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787149.

Author information

Authors and Affiliations

  1. Process Analytics Group, Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, The Netherlands

    Rashid Zaman, Marwan Hassani & Boudewijn F. van Dongen

Authors
  1. Rashid Zaman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marwan Hassani
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Boudewijn F. van Dongen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rashid Zaman .

Editor information

Editors and Affiliations

  1. Universidad de Sevilla, Seville, Spain

    Adela Del Río Ortega

  2. Kühne Logistics University, Hamburg, Germany

    Henrik Leopold

  3. Universidade do Estado do Rio de Janeiro – UERJ, Rio de Janeiro, Brazil

    Flávia Maria Santoro

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zaman, R., Hassani, M., van Dongen, B.F. (2020). Data Minimisation as Privacy and Trust Instrument in Business Processes. In: Del Río Ortega, A., Leopold, H., Santoro, F.M. (eds) Business Process Management Workshops. BPM 2020. Lecture Notes in Business Information Processing, vol 397. Springer, Cham. https://doi.org/10.1007/978-3-030-66498-5_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-66498-5_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66497-8

  • Online ISBN: 978-3-030-66498-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation