2 research outputs found
Quantifying the Re-identification Risk of Event Logs for Process Mining
Event logs recorded during the execution of business processes constitute a
valuable source of information. Applying process mining techniques to them,
event logs may reveal the actual process execution and enable reasoning on
quantitative or qualitative process properties. However, event logs often
contain sensitive information that could be related to individual process
stakeholders through background information and cross-correlation. We therefore
argue that, when publishing event logs, the risk of such re-identification
attacks must be considered. In this paper, we show how to quantify the
re-identification risk with measures for the individual uniqueness in event
logs. We also report on a large-scale study that explored the individual
uniqueness in a collection of publicly available event logs. Our results
suggest that potentially up to all of the cases in an event log may be
re-identified, which highlights the importance of privacy-preserving techniques
in process mining.Comment: Accepted to CAiSE-202