Privacy Infringement Severity


Privacy Infringement Severity is a ProM plug-in developed to aid auditors in ensuring privacy compliance. It requires a business process model and an event log as inputs. These two inputs represent the intended behaviour of a system and its actual behaviour, respectively. Given background knowledge on the tasks, user roles, reputation and data items used in the system, the tool is able to identify and quantify privacy infringements that may have occurred during the execution of the business process. This way auditors can prioritize infringements by severity and address the most important issues in the limited time they have available to perform a privacy audit.


  1. The plug-in is available on Assembla SVN
  2. User Manual



  1. Banescu, Sebastian, and Nicola Zannone. Measuring privacy compliance with process specifications. Proceedings of the 3rd International Workshop on Security Measurements and Metrics (MetriSec 2011), pages 41-50, 2011. IEEE Computer Society.
  2. Banescu, Sebastian, Milan Petković, and Nicola Zannone. Measuring Privacy Compliance Using Fitness Metrics. Proceedings of the 10th International Conference on Business Process Management (BPM 2012), LNCS 7481, pages 114-119, 2012. Springer.
  3. Banescu, Sebastian. Decision Support for Privacy Auditing. Master's thesis, Eindhoven University of Technology, 2012.