PE-BPMN Analysis

PE-BPMN gives rise to binary privacy analysis and makes it possible to differentiate between data that has some form of protection and data that does not.

Simple disclosure

The simple disclosure report is a table where the columns are the data objects from the process and the rows are the stakeholders (lanes). Each cell is marked V (visible), H (hidden) or -. The marking - means that the stakeholder does not see this data object in the process. V, on the other hand, means that the contents of the data object are fully visible to the stakeholder. H is the middle ground: the participant has the data object, but it has some form of protection on it. For example, a ciphertext is denoted with H in the table.

We are also planning to add a marker A (accessible) for data that could be opened by the stakeholder, but is not opened directly in the process.

Simple data dependency

Simple data dependency gives the data dependency matrix of the model. The relations described there either follow directly from the data associations in the model or result from collaborative tasks with collaborative stereotypes.

Extended disclosure

We can enhance the simple disclosure with the data dependency to arrive at an extended simple disclosure report. In addition to visibility, this gives a glimpse of the consequences of some data becoming visible to some party. Essentially, for any marker V in the simple disclosure we look at the data dependency to see which data this object depends on. Making this data object visible to some party carries a risk of leaking something about the data that it depends on. Other layers of analysis, e.g. leaks-when and sensitivity analysis, can then be used to study this risk in more detail.
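
The combination described above can be sketched as follows. This is an added example, not code from the PE-BPMN editor: the lane and data object names are constructed, and following dependencies transitively and reporting the result as a per-lane mapping are assumptions made for illustration.

```python
# Constructed sample model; lane and data object names are hypothetical.
# Simple disclosure: lane -> data object -> marker (V, H or -).
DISCLOSURE = {
    "Client":  {"input": "V", "key": "V", "ciphertext": "V", "result": "-", "report": "V"},
    "Server":  {"input": "-", "key": "-", "ciphertext": "H", "result": "H", "report": "-"},
    "Analyst": {"input": "-", "key": "-", "ciphertext": "-", "result": "-", "report": "V"},
}
# Simple data dependency: data object -> objects it is directly derived from.
DEPENDS_ON = {
    "ciphertext": {"input", "key"},
    "result": {"ciphertext"},
    "report": {"result"},
}

def ancestors(obj, depends_on):
    """All objects that obj depends on, following dependencies transitively
    (an assumption of this example). Safe on cyclic dependency data."""
    seen, stack = set(), [obj]
    while stack:
        for parent in depends_on.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def extended_disclosure(disclosure, depends_on):
    """For each lane, map every object the lane does not see as V to the
    V objects that depend on it, i.e. the objects through which something
    about it could leak to that lane."""
    report = {}
    for lane, row in disclosure.items():
        exposed = {}
        for obj, marker in row.items():
            if marker != "V":
                continue  # only V cells are followed, as in the text above
            for src in ancestors(obj, depends_on):
                if row.get(src, "-") != "V":
                    exposed.setdefault(src, set()).add(obj)
        report[lane] = exposed
    return report

if __name__ == "__main__":
    for lane, exposed in extended_disclosure(DISCLOSURE, DEPENDS_ON).items():
        for src in sorted(exposed):
            via = ", ".join(sorted(exposed[src]))
            print(f"{lane}: may learn about '{src}' via visible {via}")
```

In this sample the Server lane produces no entries because it only holds H-marked objects, while the Analyst, who sees only the report, is flagged for every object the report was derived from.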

pe-bpmn-editor_simpledisclosure.1583155410.txt.gz · Last modified: 2020/03/02 15:23 by pullonen