the activity attribute may contain a confidential activity name that must not be exposed. Respect for privacy when analyzing personal data is also dictated by regulations, e.g., the European General Data Protection Regulation (GDPR)1. Such legitimate and ethical requirements have recently resulted in more attention to privacy and confidentiality issues in process mining [ 2, 3, 4, 5 ]. Some tools have also been introduced to provide specific privacy/confidentiality requirements [ 6, 7, 8 ].

Figure 1 shows the general overview of privacy-related activities in process mining including Privacy-Preserving Data Publishing (PPDP), Privacy-Preserving Process Mining (PPPM), and Privacy Analysis (PrAn). PPDP tries to obscure the identity and/or sensitive data of individuals to preserve their privacy. PPDP techniques often apply one or more anonymization operations, e.g., suppression, generalization, etc., to provide the desired privacy requirements. PPPM intends to expand existing process mining algorithms to cope with intermediate results, so-called abstractions [ 9 ], generated by some PPDP techniques. Note that PPPM algorithms are Figure 1: The general overview of privacyclosely linked with the corresponding PPDP related activities in process mining. approaches, and PPPM may refer to the entire privatization process, starting with an event log and finishing with process mining findings. PrAn, indicated with dashed lines in Figure 1, includes two types of activities: risk analysis and utility analysis. Both PrAn activities could be done for data and results. In this paper, we introduce a tool, named PC4PM, mainly focusing on the activities indicated by the check-boxes in Figure 1. PC4PM is the successor of the privacy tool introduced in [ 7 ], and it ofers new privacy preservation techniques, privacy analysis, a set of anonymization operations, and user guidance that directs users to the right techniques based on their requirements. In the rest of the paper, we demonstrate the functionality and characteristics of PC4PM. We also describe the maturity and availability of the tool.

PC4PM is implemented in Python using Django framework2. Figure 2 shows a high-level view of the architecture. PC4PM includes eight main Django applications and each application provides at least one main privacy-related activity implemented as a Python package. The Django templates, accessible from any web browser, provide a web interface for the applications. Implementing each technique as an independent Django application enables users to simultaneously run diferent techniques on event logs. Such architecture makes the process of maintenance and 1http://data.europa.eu/eli/reg/2016/679/oj 2https://www.djangoproject.com/ integration simple. To integrate new techniques, one can create a Python package and integrate it as an independent application. Moreover, Python packages can independently be imported into other Python-based tools.

Figure 3 shows the home page of PC4PM. The left menu shows the main Django applications including event data management, privacy-aware role mining, connector method, TLKC-privacy, TLKC-privacy extended, anonymization operations, PRIPEL, and privacy analysis. The event data management application manages both standard XES event logs and non-standard event data, called event log abstraction [ 9 ]. The privacyaware role mining application implements the decomposition method, proposed in [ 10 ], to discover roles from event logs while preserving privacy. This method Figure 2: The architecture of PC4PM. perturbs the frequency of activities in an event log to eliminate frequency-based attacks. The connector method is an encryption-based method for securely discovering directly follows graphs from event logs. This method breaks down traces into a collection of directly follows relations to prevent linkage attacks.

The TLKC-privacy application implements the TLKC-privacy model providing group-based privacy guarantees for process discovery and performance analysis. The TLKC-privacy extended application extends the TLKC-privacy model and considers all the main perspectives of process mining [ 3 ]. The anonymization operation application, implements all the main anonymization operations proposed in [ 9 ] including suppression, addition, substitution, condensation, swapping, generalization, and cryptography.

The PRIPEL application presents the PRIPEL method [ 2 ] which applies the no- Figure 3: The home page of PC4PM. tion of diferential privacy to provide privacy guarantees for event logs. The privacy analysis application includes three components for analyzing disclosure risks, data utility [ 11 ], and FCB-anonymity [ 12 ].

PC4PM supports users with a four-step user guide to help them choose the right technique(s) based on their needs. The user guidance works based on a four-dimension signature assigned to each technique. The signature reflects the following aspects: process mining perspective (PMPS), process mining activity (PMAC), privacy perspective (PRPS), and privacy activity (PRAC). PMPS indicates the process mining perspective that a privacy technique focuses on, e.g., control-flow. PMAC shows the process mining activity, e.g, process discovery, for which the utility of event data is preserved. PRPS shows the privacy perspective of a privacy technique, i.e., resource or case. PRAC indicates the main privacy-related activity of a privacy preservation technique, i.e., PPDP, PPPM, or PrAn. Moreover, PC4PM helps users with help tooltips provided for the parameters used by techniques. PC4PM also inherits all the characteristics of its predecessor [ 7 ]. Some of those are as follows: (1) Each Django application provides the results in an independent output section, (2) It enables a cycle of privacy/confidentiality preservation techniques such that the results from one technique can be added to the event data repository and used as an input for other techniques, (3) The privacy metadata [ 9 ] which specify the order and type of the main anonymization operations are added to anonymized event logs.

The source code, a screencast, a user manual, and all other resources are available in our GitHub repository: https://github.com/m4jidRafiei/PC4PM. Each privacy/confidentiality Python package is linked to a separate GitHub project. The main GitHub project contains links to all those projects. In the corresponding GitHub project of each privacy/confidentiality Python package, one can find the name of the Python package, the link to the main paper, and a sample source code that shows the usage. In terms of performance and time complexity, each privacy preservation technique which is linked to a Django application behaves diferently w.r.t. the size of the input event log. Based on our experiments, the applications are able to handle real-world event logs, e.g., BPI challenge datasets: https://data.4tu.nl/. Moreover, all the complicated and time-consuming functions, developed in the Python packages, have a parameter to be run using multi-processing which is enabled by default. In this case, the input event log is divided into smaller pieces w.r.t. the cores of the processor hosting PC4PM. PC4PM is provided as a Docker container that can simply be hosted by users: https://hub.docker.com/r/m4jid/pc4pm. The Docker usage is also explained in the GitHub repository.

In this paper, we introduced a tool for publishing event data w.r.t. privacy concerns. Our webbased tool is mainly focused on privacy-/confidentiality-preserving data publishing and privacy analysis considering both data utility and disclosure risk analyses. PC4PM can be considered as a sanitizer that provides sanitized event logs that can be used by any process mining tool. The architecture has been designed in such a way that other privacy preservation techniques can easily be integrated, e.g., we integrated PRIPEL as an external library. The goal of PC4PM is to provide a comprehensive set of techniques that can cover all the aspects of privacy-related activities for diferent perspectives of process mining. We invite other researchers to integrate their solutions as independent applications into the provided framework.

Funded under the Excellence Strategy of the Federal Government and the Länder. We also thank the Alexander von Humboldt (AvH) Stiftung for supporting our research.