Staples Canada did not fully delete personal info from returned laptops: commissioner

The federal privacy watchdog has found Staples Canada did not fully remove personal information from returned laptops that it later resold.

The Privacy Commissioner of Canada says its staff recently analyzed laptops returned by customers to four Ontario Staples stores and found 23 per cent of the devices had personal information including names, email addresses, account info, email fragments and partial images of faces.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Sign up for daily National newsletter Sign Up

By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

It gave Staples nine months to develop clear standards for wiping devices, improve staff training and hire an independent third-party to conduct an annual spot check on returned devices.

The commissioner started looking into the retailer’s data policies after a former Staples sales associate alleged laptops were not always wiped following their return.

In some cases, the complainant said the computers were stored with the previous owner’s username and password showing on the device. In at least one instance, he saw a laptop resold that still had unwiped personal information from a previous customer.

The commissioner had audited Staples in 2011 over similar concerns and says its new investigation revealed that some of the same problems persisted 15 years later.