Privacy watchdog says Staples Canada didn’t completely erase personal information from resold laptops
listen to this article
approx 2 minutes
The audio version of this article has been generated by AI-based technology. There may be incorrect pronunciations. We are working with our partners to continually review and improve results.
The federal privacy watchdog has found that Staples Canada did not completely remove personal information from returned laptops, which it later resold.
The Office of the Privacy Commissioner of Canada says its staff recently analyzed laptops returned by customers to four Ontario Staples stores and found that 23 per cent of the devices contained personal information, including names, email addresses, account information, fragments of emails and partial images of faces.
The Privacy Commissioner gave Staples nine months to develop clear standards for wiping devices, improve staff training and appoint an independent third party to conduct annual spot checks on returned devices.
The commissioner launched an investigation into the retailer’s data policies after a former Staples sales associate alleged that laptops were not always wiped after their return.
In some cases, the complainant said the computer was stored on the device with the previous owner’s username and password. In at least one instance, they saw a laptop being resold with a previous customer’s personal information still erased.
Commissioners audited Staples in 2011 over similar concerns and say their new investigation shows some of the same problems persist 15 years later.
