Abstract
Event logs recorded during the execution of business processes
constitute a valuable source of information. Applying process mining
techniques to them, event logs may reveal the actual process execution
and enable reasoning on quantitative or qualitative process properties.
However, event logs often contain sensitive information that could
be related to individual process stakeholders through background information
and cross-correlation. We therefore argue that, when publishing
event logs, the risk of such re-identification attacks must be considered.
In this paper, we show how to quantify the re-identification risk with
measures for the individual uniqueness in event logs. We also report on a
large-scale study that explored the individual uniqueness in a collection
of publicly available event logs. Our results suggest that potentially up to
all of the cases in an event log may be re-identified, which highlights the
importance of privacy-preserving techniques in process mining.
constitute a valuable source of information. Applying process mining
techniques to them, event logs may reveal the actual process execution
and enable reasoning on quantitative or qualitative process properties.
However, event logs often contain sensitive information that could
be related to individual process stakeholders through background information
and cross-correlation. We therefore argue that, when publishing
event logs, the risk of such re-identification attacks must be considered.
In this paper, we show how to quantify the re-identification risk with
measures for the individual uniqueness in event logs. We also report on a
large-scale study that explored the individual uniqueness in a collection
of publicly available event logs. Our results suggest that potentially up to
all of the cases in an event log may be re-identified, which highlights the
importance of privacy-preserving techniques in process mining.