Gal Ringel, Mine: “there’s no such thing as a riskless internet, data breaches happen”

How many times have you registered on a website to make a one-time purchase, quickly forgetting about the account’s existence? And would you be any more careful if you knew that stored information can be kept on the servers from weeks to decades?

It’s no secret that cybercriminals are actively targeting both large and small enterprises to obtain sensitive data, which could be held for ransom or sold on illegal marketplaces. And while companies are obliged to comply with regulations to secure customer data, many fail to follow through.

While users are already trying to mask their private information with security tools, we asked Gal Ringel, the CEO and Co-Founder at Mine – a company that helps manage your personal data, – whether there are more efficient ways to protect digital footprints.

Tell us how it all began. What was the idea behind Mine?

We are three co-founders at Mine, who are concerned about data privacy, considering how easily our data can be used against us in many ways. At the end of 2017, we saw the GDPR being legislated and about to come into force later in 2018. Since sharing our data has become a requirement for anyone who wants to use and enjoy the internet to its full intent, we decided to make these rights accessible to everyone.

But for many years, privacy was always about building fences around consumers to keep their data “safe,” but no one wants to give up the internet to protect their privacy. We decided to change this by talking about data ownership and looking at data privacy online from a value-based perspective. And so we developed Mine – a smart data assistant that gives users transparency and choice over the data they share online.

Mine gives consumers the confidence to enjoy the internet and give their data to whomever they choose, to receive great experiences in return. We allow consumers to keep track of their digital footprint, discover which companies hold their personal data, understand the digital risk, and, if they want, send a deletion request (right-to-be-forgotten) to remove their data and keep their data only where they want it.

What is a digital footprint, and how can individuals discover their digital mark?

A digital footprint is a unique trail of data you leave behind while using the Internet. An example of a digital footprint could be your browsing history, search history, likes, text messages, tagged photos, and videos, simply saying anything that leaves a digital trace that can be linked back to you.

There are several ways you can check your digital footprint. You can start by searching your name in search engines such as Google and Bing and exploring the results. Another option is to use online tools like Mine that discover your digital footprint and tell you which companies hold your personal data.

Handling data reclamation cases must be a tough task for companies as well. Can you tell us more about how your Evidence solution helps businesses with privacy requests?

A big challenge of handling privacy requests is finding a way to quickly validate and verify the privacy requests.

To date, there hasn't been any standard for handling privacy requests. This situation resulted in cumbersome processes for companies and frustrated consumers who found it very difficult to take ownership of their data.

Based on our conversations with hundreds of companies, we have learned how difficult it is for companies to identify their users, determine the type of data interaction they had with their users, and locate the data sources from which to delete the user's data, all of which cause a huge waste of resources.

It became clear that more information about the user is needed for companies to streamline the process. To resolve this issue, we developed the Email Evidence by Mine, which standardizes consumer requests and reduces the time and resources that go in receiving and verifying privacy requests to a few simple clicks. Using our technology, companies can gain more context and understand their past email interactions with their users to help verify the user and validate their request faster.

This unique evidence tool that’s part of our PrivacyOps platform for businesses helps identify users, locate them in the company’s systems and create more efficient privacy processes. The Email Evidence includes proof of data collection, identification of the user, an indication of the user-company relationship, and more.

Why is it important to delete accounts of services or apps you no longer use?

From the consumer’s point of view, data privacy affects every area of our lives. This became even more true since COVID-19, when most of the world had to move their entire offline life online. We’ve researched the effects of the pandemic on people’s digital footprint and discovered a 55% increase of signups to digital services on average, increasing the worldwide data exposure of millions of people and making them more exposed to digital risks.

There’s no such thing as a riskless internet, data breaches happen. However, having a cleaner digital footprint is not just about potential data breaches and keeping your data safe from the hands of hackers, but also it’s about the representation of yourself online.

Talking about data protection from the standpoint of companies, I can say that no company can truly protect itself against data breaches. Therefore businesses should also be proactive about their customers’ data privacy and protection and review their data minimization and retention strategies.

This might seem counterintuitive at first, as a lot of data is often collected for sales/advertising/marketing optimization purposes and market research. But, this can protect them from brand damage in the future.

We’re also trying to help companies minimize their own and users’ digital footprint and minimize security and compliance risks by providing solutions like our Live data mapping tool.

Have you noticed any new types of cybercrime emerge during the pandemic?

Definitely, last year, due to COVID-19, we all moved online; some might say it was the most digital year ever since the internet was invented. Many companies who didn’t have a digital presence now moved their services online to stay relevant for their consumers. This was especially true in retail. Since the pandemic, we saw a 67% increase in signups to online shopping websites with a growth of 200% in registrations to smaller, long-tail services. Unfortunately, these services often don’t have the right security measures in place to keep themselves and their customers’ data safe from data breaches, which could lead to increased digital risks and breaches.

As the interactions move online, we see more attacks on the more vulnerable businesses and consumers, with cybercriminals exploiting vulnerabilities in e-commerce payment platforms or checkout pages or scamming consumers with fake listings for highly sought-after items that are frequently out of stock.

Some experts believe that keeping up to date with data privacy trends and requirements could even be the selling point for customers. Can you share some tips for businesses looking to make their privacy policy user-friendly?

Yes, this is an excellent point. Here are some tips to make the privacy policy user-friendly:

• Keep the privacy policy relevant, meaningful, and to the point. Your privacy policy needs to highlight information about your business that is relevant to your users and customers. It’s best to avoid generalizing and catch-all phrases – take advantage of this opportunity to clarify any confusion before it arises.
• Use plain language, so that not only lawyers can understand it. Avoid legal terms and explain your practices in a language that any site visitor will understand. Go the extra mile and provide summaries or explanations of complex topics, as well as links and references to the full description.
• Ensure that the document is as brief as possible. We recommend structuring your policy for ease of reference and making it user-friendly while providing the details that people must know.
• Inform customers about their available options. This regards collecting, using, or disclosing their information (e.g., choosing not to share personal data for marketing purposes) and clearly explaining how they can exercise those choices.
• Explain how they can obtain access. Identify ways for customers to access their personal information, request a correction, or the complete deletion of their data. Provide further details through the use of links or pop-up windows whenever a user might need to make a privacy choice.
• Make privacy information easy to find. You can place the link in a prominent location on your homepage.

What are threat actors usually trying to gain by taking advantage of one’s data?

It could be various things. Sometimes, hackers want to steal your data so that they can hold it for ransom.

Attackers can exploit this type of sensitive information to break into other accounts, attempt to steal identities, and so on.

My advice would be not to stop sharing your data online but to keep a lean digital footprint to reduce risks and not use the same password for multiple accounts so that if an attacker steals your password for one service, he cannot use it for another.

While organizations and those overseeing data within businesses can minimize these digital risks by avoiding the temptation to collect unnecessary personal information and creating strategic data retention policies, storing data only as long as it’s needed (and making sure you meet compliance requirements in that respect), but avoid keeping it around longer than necessary because this data storage could pose unnecessary security (not to forget compliance) risk.

What data privacy issues would you like to see resolved in the next few years?

As data will only increase in importance in the coming years and therefore the control and security over our data and privacy as well, I think it would benefit both consumers and companies greatly if there was a global data privacy standard with clear guidelines. Today it’s still very confusing and complicated for both consumers and companies to deal with data privacy because different rules apply in different regions and to different situations. This should be standardized to make data privacy more clear, transparent, and accessible to make it easier to minimize the data footprint and be more secure.

Would you like to share what the future holds for Mine?

We are constantly working on advancing our products to support our vision of creating a new global privacy standard that will bridge the gap between consumers and companies by making data discovery, management, and control easy and accessible for both sides.

Our community has grown to over 1 Million data empowered consumers and 1500 companies who have joined this vision for our future of data ownership, so we’re very excited about the future.

On the business side, we help companies add an automation and orchestration layer to enable businesses to become more efficient and agile and focus on their business. But it goes beyond privacy compliance. We are bringing a whole new bottom-up privacy approach to the market! By leveraging our consumer experience, we will continue to help businesses understand their customers and provide tools to create privacy experiences that their users will enjoy, increasing loyalty and trust and reducing friction.

On the consumer side, we will be rolling out a subscription model soon, including new features that make it easier for them to reclaim data from companies. This will include automating the responses to companies to help them in the data deletion request process and get their data reclaimed faster and more easily.

Mine’s mission is to help the entire data privacy community and allow everyone (both individuals and businesses) to get peace of mind regarding their data, reduce the online exposure of personal data and create better privacy experiences for all.