Abstract. We propose the use of process-based access-control methods in the construction of privacy governance systems. Access constraints are specified by policies, but the governance model thus created is prone to interactions and inconsistencies. We show how UML can be used in order to represent the model and how the language Alloy and its model analyzer can be used to formally specify it and to detect interactions and inconsistencies. Examples are taken from the area of banking.

Keywords. Privacy, Business Process, Access Control, Interactions, Alloy, Model analysis, Formal Techniques.