Mozafari Mehr, A., Medeiros de Carvalho, R., & van Dongen, B. F. (2021). Detecting Privacy, Data and Control-Flow Deviations in Business Processes. In S. Nurcan, & A. Korthaus (Eds.), Intelligent Information Systems – CAiSE Forum 2021, Proceedings (pp. 82-91). (Lecture Notes in Business Information Processing; Vol. 424 LNBIP). Springer. https://doi.org/10.1007/978-3-030-79108-7_10
Existing access control mechanisms are not sufficient for data protection. They are only preventive and cannot guarantee that data is accessed for the intended purpose. This paper proposes a novel approach for multi-perspective conformance checking which considers the control-flow, data and privacy perspectives of a business process simultaneously to find the context in which data is processed. In addition to detecting deviations in each perspective, the approach is able to detect hidden deviations where non-conformity relates to either a combination of two or all three aspects of a business process. The approach has been implemented in the open source ProM framework and was evaluated through controlled experiments using synthetic logs of a simulated real-life process.