Key Takeaways
- The Canadian Privacy Commissioner found that Staples Canada did not fully remove personal information from returned laptops that were later resold.
- An analysis of laptops returned to four Ontario Staples stores found that 23% of the devices still contained personal information, including names, email addresses, and partial images of faces.
- The commissioner has given Staples nine months to develop clear standards for wiping devices, improve staff training, and hire an independent third party to conduct annual spot checks on returned devices.
- The investigation was prompted by a former Staples sales associate who alleged that laptops were not always wiped following their return.
- The commissioner had previously audited Staples in 2011 over similar concerns and found that some of the same problems persisted 15 years later.
Introduction to the Investigation
The federal privacy watchdog in Canada has found that Staples Canada, a leading retailer of office supplies and electronics, did not fully remove personal information from returned laptops that were later resold. This discovery was made after the Privacy Commissioner of Canada analyzed laptops returned by customers to four Ontario Staples stores. The analysis revealed that 23% of the devices still contained personal information, including names, email addresses, account information, email fragments, and partial images of faces. This is a serious concern, as it puts the personal data of customers at risk of being accessed by unauthorized individuals.
Background to the Investigation
The investigation was prompted by a former Staples sales associate who alleged that laptops were not always wiped following their return. The associate claimed that in some cases, the computers were stored with the previous owner’s username and password showing on the device. In at least one instance, the associate saw a laptop resold that still had unwiped personal information from a previous customer. This raises serious questions about the adequacy of Staples’ data protection policies and procedures. The commissioner had previously audited Staples in 2011 over similar concerns, and it is disturbing to find that some of the same problems persisted 15 years later.
Findings of the Investigation
The investigation found that Staples had inadequate procedures in place for wiping personal information from returned laptops. The company’s staff were not properly trained on how to handle customer data, and there were no clear standards for ensuring that devices were properly wiped before being resold. The commissioner’s analysis of the laptops returned to the four Ontario stores found that 23% of the devices still contained personal information. This is a significant percentage, and it suggests that Staples’ data protection policies and procedures were not effective in preventing the unauthorized disclosure of customer data.
Recommendations and Next Steps
The Privacy Commissioner of Canada has given Staples nine months to develop clear standards for wiping devices, improve staff training, and hire an independent third party to conduct an annual spot check on returned devices. This is a reasonable timeframe for Staples to take corrective action and ensure that its data protection policies and procedures are adequate. The company must take immediate action to address the concerns raised by the investigation and prevent similar incidents from occurring in the future. The commissioner’s recommendations are aimed at ensuring that Staples takes a more proactive approach to protecting customer data and preventing the unauthorized disclosure of personal information.
Conclusion and Implications
The findings of the investigation are a wake-up call for Staples and other companies that handle customer data. They highlight the importance of having adequate data protection policies and procedures in place to prevent the unauthorized disclosure of personal information. The investigation also underscores the need for companies to regularly review and update their data protection policies and procedures to ensure that they are effective in preventing data breaches. The commissioner’s recommendations and the actions taken by Staples will be closely watched by other companies and regulators, and it will be important to see how the company responds to the concerns raised by the investigation. Ultimately, the goal is to ensure that customer data is protected and that companies are held accountable for their handling of personal information.
