Abstract
Data is vital for almost all sorts of business processes and workflows. However, the possession of personal data of other beings bear consequences. Data is prone to abuses through the exposure to adversaries in case of data breaches or insider’s illegitimate access and processing, hence adding to customer distrust. The data minimisation principle of the General Data Protection Regulation (GDPR), as a proactive approach, requires the collection of personal data to be limited to what is necessary for the legitimate processing purpose(s). Data degradation advocates for periodic inter-process data minimisation in a multi-process environment. In this context, we are proposing intra-process data degradation as a continuous data minimisation function during the process life. In our solution, the granularity or the information level of the process data is reduced at suitable instances in the process life to the minimum sufficient level for a successful completion of the remaining process. We devise three effective data degradation policies to realise and guide intra-process data degradation in business processes. We show through a proof-of-concept implementation the applicability of the introduced concept and the effectiveness of one of the policies. Our proposed approach intrinsically reduces privacy infringement damages which contribute to end-users trust in the processes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
References
BPR4GDPR EU H2020 Project. https://www.bpr4gdpr.eu
Agostinelli, S., Maggi, F.M., Marrella, A., Sapio, F.: Achieving GDPR compliance of BPMN process models. In: International Conference on AISE, pp. 10–22 (2019)
Anciaux, N., Bouganim, L., Van Heerde, H., Pucheral, P., Apers, P.: The life-cycle policy model. Rapport de recherche (2008)
Anciaux, N., Bouganim, L., Van Heerde, H., Pucheral, P., Apers, P.M.: Data degradation: Making private data less sensitive over time. In: Proceedings CIKM 2008, pp. 1401–1402 (2008)
Anciaux, N., Bouganim, L., Van Heerde, H., Pucheral, P., Apers, P.M.: Instantdb: enforcing timely degradation of sensitive data. In: ICDE, pp. 1373–1375 (2008)
Geambasu, R., Kohno, T., Levy, A.A., Levy, H.M.: Vanish: increasing data privacy with self-destructing data. In: USENIX, vol. 316 (2009)
Hassani, M.: Concept drift detection of event streams using an adaptive window. In: International ECMS Conference on Modelling and Simulation, pp. 230–239 (2019)
Hassani, M.: Overview of efficient clustering methods for high-dimensional big data streams. In: Nasraoui, O., Ben N’Cir, C.-E. (eds.) Clustering Methods for Big Data Analytics. USL, pp. 25–42. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-97864-2_2
van Heerde, H., Anciaux, N., Fokkinga, M., Apers, P.M.: Exploring personalized life cycle policies. CTIT Technical Report Ser. (Supplement/TR-CTIT-07-85) (2007)
Hilderman, R.J., Hamilton, H.J., Cercone, N.: Data mining in large databases using domain generalization graphs. JIIS 13(3), 195–234 (1999)
Pearson, S., Casassa-Mont, M.: Sticky policies: an approach for managing privacy across multiple parties. Computer 44(9), 60–68 (2011)
Rosemann, M.: Trust-aware process design. In: BPM, pp. 305–321 (2019)
Samarati, P.: Protecting respondents identities in microdata release. IEEE TKDE 13(6), 1010–1027 (2001)
Terragni, A., Hassani, M.: Optimizing customer journey using process mining and sequence-aware recommendation. In: SAC 2019, pp. 57–65 (2019)
Zaman, R., Hassani, M.: On enabling GDPR compliance in business processes through data-driven solutions. SN Computer Science 1(4), 1–15 (2020)
Acknowledgments
The authors of the paper have received funding within the BPR4GDPR [1] project from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787149.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Zaman, R., Hassani, M., van Dongen, B.F. (2020). Data Minimisation as Privacy and Trust Instrument in Business Processes. In: Del RÃo Ortega, A., Leopold, H., Santoro, F.M. (eds) Business Process Management Workshops. BPM 2020. Lecture Notes in Business Information Processing, vol 397. Springer, Cham. https://doi.org/10.1007/978-3-030-66498-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-66498-5_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66497-8
Online ISBN: 978-3-030-66498-5
eBook Packages: Computer ScienceComputer Science (R0)