Business & Information Systems Engineering

Document Type

Research Paper


Privacy regulations for data can be regarded as a major driver for data sovereignty measures. A specific example is event data that is recorded by information systems while entities are processed in domains such as e-commerce or health care. Since such data, typically available in the form of event log files, contains personal information on the specific entities processed, it can expose sensitive information that may be traced back to individuals. In recent years, a plethora of methods have been developed to analyse event logs under the umbrella of process mining. However, the impact of privacy regulations on the technical design as well as on the organizational application of process mining has been largely neglected. This paper sets out to develop a protection model for event data privacy that applies the well-established notion of differential privacy. Starting from common assumptions about the event logs used in process mining, the paper presents potential privacy leakages and means to protect against them. It also shows at which stages privacy leakage can occur and where a protection model for event logs should therefore be applied. Relying on this understanding, the notion of differential privacy is instantiated for process discovery methods, i.e., algorithms that aim at constructing a process model from an event log. The general feasibility of the approach is demonstrated by applying it to two publicly available real-life event logs.
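To make concrete what "differential privacy for process discovery" can mean in practice, the following is an added illustration written for this page; it is not code from the paper and does not claim to reproduce the paper's protection model. It releases the directly-follows counts that many discovery algorithms start from under ε-differential privacy using the Laplace mechanism. Assumptions made here and nowhere in the abstract: the neighbouring-log relation is "add or remove one whole case"; traces are truncated to a fixed maximum length so that one case can change the count vector by at most a bounded L1 amount; and the set of activity names is treated as public, so noise is also added to pairs that never occurred (otherwise the released graph would reveal which pairs exist). The event log (`SAMPLE_LOG`), activity alphabet and all function names are constructed for the example.

```python
"""Added example (not the paper's code): epsilon-DP directly-follows counts
from an event log via the Laplace mechanism, using only the standard library."""
import math
import random
from collections import Counter, defaultdict
from itertools import product
from typing import Dict, List, Tuple

Event = Tuple[str, str, int]   # (case_id, activity, timestamp)
Edge = Tuple[str, str]         # directly-follows pair (a, b)

# Constructed sample log, not real data: four cases of a small approval process.
SAMPLE_LOG: List[Event] = [
    ("c1", "register", 1), ("c1", "check", 2), ("c1", "approve", 3), ("c1", "notify", 4),
    ("c2", "register", 1), ("c2", "check", 2), ("c2", "reject", 3), ("c2", "notify", 4),
    ("c3", "register", 1), ("c3", "check", 2), ("c3", "check", 3),
    ("c3", "approve", 4), ("c3", "notify", 5),
    ("c4", "register", 1), ("c4", "approve", 2), ("c4", "notify", 3),
]
# Assumption: the activity alphabet is public knowledge (e.g. from the process design).
ACTIVITIES = ("register", "check", "approve", "reject", "notify")


def traces(log: List[Event]) -> Dict[str, List[str]]:
    """Group events per case, ordered by timestamp, giving one trace per case."""
    by_case: Dict[str, List[str]] = defaultdict(list)
    for case, activity, _ts in sorted(log, key=lambda e: (e[0], e[2])):
        by_case[case].append(activity)
    return dict(by_case)


def directly_follows(log: List[Event], max_trace_len: int) -> Counter:
    """Exact a->b counts. Each trace is truncated to max_trace_len events, so one
    case contributes at most max_trace_len - 1 to the whole count vector. This
    truncation discards data; it is the price of a bounded sensitivity."""
    counts: Counter = Counter()
    for acts in traces(log).values():
        acts = acts[:max_trace_len]
        for a, b in zip(acts, acts[1:]):
            counts[(a, b)] += 1
    return counts


def l1_sensitivity(max_trace_len: int) -> int:
    """Adding/removing one case changes the count vector by at most this L1 amount."""
    return max_trace_len - 1


def laplace_sample(rng: random.Random, scale: float) -> float:
    """Draw from Laplace(0, scale) by inverse-CDF sampling from a uniform draw."""
    p = rng.random()
    while p == 0.0:            # avoid log(0); random() is in [0, 1)
        p = rng.random()
    if p < 0.5:
        return scale * math.log(2.0 * p)
    return -scale * math.log(2.0 * (1.0 - p))


def dp_directly_follows(log: List[Event], activities: Tuple[str, ...],
                        epsilon: float, max_trace_len: int,
                        seed: int = None) -> Dict[Edge, int]:
    """epsilon-DP release of directly-follows counts (Laplace mechanism).

    One Laplace draw with scale sensitivity/epsilon per edge gives epsilon-DP for
    the whole vector because the sensitivity already accounts for every edge a
    single case can touch. Rounding and clipping to >= 0 are post-processing and
    do not weaken the guarantee. Zero-count pairs receive noise too, so the
    support of the released graph does not leak which pairs occurred."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    if max_trace_len < 2:
        raise ValueError("max_trace_len must be at least 2")
    scale = l1_sensitivity(max_trace_len) / epsilon
    rng = random.Random(seed)
    exact = directly_follows(log, max_trace_len)
    return {edge: max(0, round(exact[edge] + laplace_sample(rng, scale)))
            for edge in product(activities, repeat=2)}


if __name__ == "__main__":
    exact = directly_follows(SAMPLE_LOG, max_trace_len=5)
    noisy = dp_directly_follows(SAMPLE_LOG, ACTIVITIES, epsilon=1.0,
                                max_trace_len=5, seed=7)
    for edge in product(ACTIVITIES, repeat=2):
        if exact[edge] or noisy[edge]:
            print(f"{edge[0]:>8} -> {edge[1]:<8} exact={exact[edge]} released={noisy[edge]}")
```

Two things worth noticing when running it: the noise scale grows with the trace-length bound, so a loose bound (or a small ε) quickly drowns the rare transitions that a discovery algorithm would otherwise pick up, and spurious low-count edges appear between activities that never followed each other. Both effects are the utility cost of the guarantee and are exactly the trade-off that has to be evaluated on real logs before a process model derived from the released counts can be trusted.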