Authors:
Evelyn Zuidema-Tempel
1
;
Faiza Bukhsh
2
;
Robin Effing
3
and
Jos van Hillegersberg
3
Affiliations:
1
Research Group Digital Intelligence & Business, Saxion University of Applied Sciences, M. H. Tromplaan 28, Enschede, The Netherlands
;
2
Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Drienerlolaan 5, Enschede, The Netherlands
;
3
Faculty of Behavioural, Management and Social Sciences, University of Twente, Drienerlolaan 5, Enschede, The Netherlands
Keyword(s):
Process Mining, Privacy, Perceived Privacy, Process Model Abstraction, BPM, GDPR.
Abstract:
Despite the existence of various methods and abstraction techniques to reduce the privacy risk of process models generated by process mining algorithms, it is unclear how process mining stakeholders perceive privacy violations. In this pilot-study various process model visualisations were shown to 6 stakeholders of a travel expense claim process. While changing the abstraction levels of these visualisations, the stakeholders were asked whether they perceived a violation of their privacy. The results show that there are differences in how individual stakeholders perceive privacy violations of process models generated via process mining algorithms. Results differ per type of visualization, type of privacy risk reducing methods, changes of abstraction level and stakeholder role. To reduce the privacy risk, the interviewees suggested to include an authorization table in the process mining tool, communicate the goal of the analysis with all stakeholders, and validate the analysis with a p
rivacy officer. It is suggested that future research focuses on discussing and validating process visualisations and privacy risk reducing methods and techniques with various process mining stakeholders in organisations. This is expected to reduce perceived violations and prevents developing techniques that are aimed at reducing privacy risk but are not considered as such by stakeholders.
(More)