
2015 | OriginalPaper | Chapter

BPM Supported Privacy by Design for Cross-Organization Business Processes

Authors: Jovan Stevovic, Paolo Sottovia, Maurizio Marchese, Giampaolo Armellin

Published in: Service-Oriented Computing - ICSOC 2014 Workshops

Publisher: Springer International Publishing


Abstract

Satisfying privacy-related obligations within IT systems that involve multiple organizations is one of the most important, yet challenging, tasks in security engineering. When systems involve multiple actors, resources and computing devices, identifying data flows, actors’ liabilities and accesses to data becomes a fundamental prerequisite for making appropriate design choices to preserve privacy. To facilitate these tasks, principles such as Privacy by Design have been proposed. However, applying such principles implies rethinking the whole project development lifecycle in order to fulfil privacy, technical and administrative requirements at the same time, from the early stages of system design.
This paper reports our work on a project undertaken by the Province of Trento (Italy) on integrating social, health and other assistance services for elders. Within the project, we used business processes to support system design and development, from analysis to execution, while at the same time fulfilling privacy-related objectives. Specifically, we show how, by modelling cross-organization processes and focusing on the actors involved and the resources managed, we can provide the necessary tools to involve analysts, designers, project managers and privacy experts during system design and support them in satisfying both privacy and technical requirements. The resulting process models are also used for partial automation and integration of the services involved.


Metadata

Title: BPM Supported Privacy by Design for Cross-Organization Business Processes
Authors: Jovan Stevovic, Paolo Sottovia, Maurizio Marchese, Giampaolo Armellin
Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-22885-3_7
