The federal privacy watchdog has found Staples Canada did not fully remove personal information from returned laptops that it later resold.
The Privacy Commissioner of Canada says its staff recently analyzed laptops returned by customers to four Ontario Staples stores and found 23 per cent of the devices had personal information including names, email addresses, account info, email fragments and partial images of faces.
Get breaking National news
It gave Staples nine months to develop clear standards for wiping devices, improve staff training and hire an independent third-party to conduct an annual spot check on returned devices.
The commissioner started looking into the retailer’s data policies after a former Staples sales associate alleged laptops were not always wiped following their return.
- Canada moves to help Canadians trapped in Kuwait without exit permits
- Edmonton LRT construction to close 102 Avenue to traffic starting March 16
- Land clearing starts as Whale Sanctuary Project in Nova Scotia reaches milestone
- Lawyer seeks acquittal for 2nd defendant in Montreal drive-by shooting that killed teen
In some cases, the complainant said the computers were stored with the previous owner’s username and password showing on the device. In at least one instance, he saw a laptop resold that still had unwiped personal information from a previous customer.
The commissioner had audited Staples in 2011 over similar concerns and says its new investigation revealed that some of the same problems persisted 15 years later.
Comments
Want to discuss? Please read our Commenting Policy first.