Mine Me but Don't Single Me Out: Differentially Private Event Logs for Process Mining

TL;DR

This paper introduces a differentially private method for anonymizing event logs used in process mining, balancing privacy guarantees with data utility through oversampling and noise addition, validated on real-life logs.

Contribution

It proposes a novel differentially private mechanism for event log anonymization that ensures privacy without significantly compromising data utility.

Findings

Effective privacy guarantees achieved with minimal utility loss

Method demonstrates computational efficiency on real-world logs

Applicable to customer-facing process data with privacy concerns

Abstract

The applicability of process mining techniques hinges on the availability of event logs capturing the execution of a business process. In some use cases, particularly those involving customer-facing processes, these event logs may contain private information. Data protection regulations restrict the use of such event logs for analysis purposes. One way of circumventing these restrictions is to anonymize the event log to the extent that no individual can be singled out using the anonymized log. This paper addresses the problem of anonymizing an event log in order to guarantee that, upon disclosure of the anonymized log, the probability that an attacker may single out any individual represented in the original log, does not increase by more than a threshold. The paper proposes a differentially private disclosure mechanism, which oversamples the cases in the log and adds noise to the timestamps to the extent required to achieve the above privacy guarantee. The paper reports on an empirical evaluation of the proposed approach using 14 real-life event logs in terms of data utility loss and computational efficiency.