Educause Security Discussion mailing list archives

Re: Saymine Technologies (Mine) and requests to erase all personal data


From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Mon, 3 Feb 2020 21:21:23 +0000

Regarding the more general case being discussed here, we decided not to re-invent the wheel. An EU project called the 
Horizon 2020 Framework Programme developed a template for right-to-erasure requests, to support the completely 
reasonable desire to make sure a request comes from a person who's really requesting it (despite being submitted by a 
third party), and to support gathering any additional data needed to pursue the request.

https://gdpr.eu/right-to-erasure-request-form/

We send this whenever we receive a removal request, whether from an individual or from a service. So far, nobody has 
followed up with us.

Steve

================================
Steven Lovaas
University Information Security Officer
Colorado State University
steven.lovaas () colostate edu
970-297-3707
Against stupidity the gods themselves contend in vain.
================================
________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Darren Morris 
<0000010f2d127348-dmarc-request () LISTSERV EDUCAUSE EDU>
Sent: Monday, February 3, 2020 2:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Saymine Technologies (Mine) and requests to erase all personal data


I have received two requests from Saymine in the last 2 weeks for individuals who were students, but it did raise the 
same questions about 3rd parties acting on behalf of data subjects.



The advice we received indicated that it was a request in the right form and could/should be actioned.



However, questions of the data subjects' eligibility have arisen, as both appear to reside outside of the EU. The question 
then was what dialogue we should enter into with Saymine to establish eligibility.



I agree it is good practice for dealing with GDPR requests.





Darren Morris |  Chief Information Officer | Information Services

Melbourne Business School
200 Leicester Street, Carlton, Victoria 3053, Australia
T: 03 9349 8198

Email: d.morris () mbs edu




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Adam Menos
Sent: Tuesday, 4 February 2020 3:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Saymine Technologies (Mine) and requests to erase all personal data






We did a couple weeks ago and to be honest I did not like the idea of having a 3rd party "acting on behalf" of an 
individual for a data erase request.

Also, I do not know if using a 3rd party is even a proper mechanism to request one's data to be erased.

Then comes the question of transcripts... if this person was a student?

Long story short, we did our due diligence and did not find the person in question in our records; I never did reply 
back to Mine.

If anything else, it was a good exercise to see how we handled GDPR requests.

Good topic, thanks for raising.



Adam Menos
Director of Information Security
116 S Michigan Ave | Chicago, IL 60603
Office: 312.499.4031
amenos () artic edu





On Mon, Feb 3, 2020 at 10:35 AM Pat Falcon <patricia_falcon () brown edu> wrote:

We had a question today from one of our administrative offices about the legitimacy of an email they received from 
Saymine (see below). While I agree that it's suspicious, Mine's website <https://saymine.com/about> seems to support 
their email. Digging a little deeper, though web searches didn't turn up much, I did find that they are a relatively 
new company, launched in the UK in late January according to Top Business Tech 
<https://tbtech.co/mine-the-start-up-revolutionising-data-ownership/>, plus Mine has a listing on Crunchbase 
<https://www.crunchbase.com/organization/saymine-technologies-mine#section-overview>.



Has anyone else had any dealings with Mine or have any more information about them, or for that matter, received 
similar requests from others like this?



Sorry for the cross-posting but I wasn't sure which of the two lists might be more pertinent.



Pat Falcon

Computing & Information Services | Information Security Group

Brown University | Box 1885 | isg () brown edu | she/her/hers | 401.863.9259





-------------- Original Message ---------------

From: Mine [request () saymine com]
Sent: 1/23/2020 10:27 AM
To: [redacted]
Cc: [redacted]; request () saymine com
Subject: Data Subject Request from [redacted] under the GDPR


Data Subject Request: Brown
Request number: [redacted]


Dear Sir/Madam,

Saymine Technologies Ltd. d.b.a Mine (“Mine”), is contacting you on behalf of [redacted] (the “Data Subject”), 
regarding whom personal data is processed by Brown, in connection with the exercise of the Data Subject's rights 
under applicable privacy laws, including, but not limited to, the General Data Protection Regulation (“GDPR”) and the 
California Consumer Privacy Act (“CCPA”) (collectively, “Applicable Privacy Laws”).


Background

The Data Subject registered to Brown, using the email address: [redacted]. Certain Personal Data concerning the Data 
Subject has been and is processed by Brown, and regarding which the Data Subject is entitled and willing to exercise 
such rights granted under the Applicable Privacy Laws.

Mine is a platform enabling users to exercise their rights in their Personal Data and facilitating the submission of 
Data Subject Requests (“DSR”), on behalf of its users, and in accordance with applicable laws. [redacted] has 
registered to Mine, and has instructed Mine to submit the following DSR to Brown.

Please note that any further communications with [redacted] in connection with this request, 
shall be sent directly to [redacted]’s email [redacted].


Data Subject Request


1. The Data Subject hereby requests that Brown erase any and all Personal Data 
about the Data Subject it processes, without exception.

2. Following the complete erasure of such Personal Data, please provide confirmation that the 
Personal Data have been erased, without the possibility to restore or reconstruct the data, 
by sending such confirmation to the Data Subject's email address at: [redacted], and copying Mine, 
at request+4O2BRRI () saymine com

Companies interested in directing this message to a different email address 
or discussing more ways of streamlining this process - contact us


Regards,

[mine logo]

Say Mine Technologies Ltd.
23 Derech Begin
Tel Aviv-Yafo, 6618356
Israel

https://www.saymine.com/


Under the circumstances at hand, we believe that the Data Subject is entitled to have the personal data erased 
pursuant to one or more alternatives specified in Applicable Privacy Laws, including, inter alia, Article 17(1) 
of the GDPR and Section 1798.105 of the CCPA. Nothing in this email purports to exhaust any of the Data Subject's 
rights, claims, defenses or remedies.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

