Staples Canada has been found by the federal privacy watchdog to have inadequately removed personal data from returned laptops that were later resold. The Office of the Privacy Commissioner of Canada conducted an analysis on laptops returned to four Ontario Staples stores, discovering that 23% of the devices contained personal information such as names, email addresses, account details, email snippets, and partial facial images.
Following this discovery, the privacy commissioner mandated that Staples develop clear guidelines for data wiping procedures within nine months. Additionally, they are required to enhance staff training and engage an independent third party for conducting annual spot checks on returned devices.
The investigation into Staples’ data handling practices was initiated after a former sales associate alleged that laptops were not consistently wiped clean upon return. Concerns were raised when it was observed that some computers still displayed the previous owner’s username and password, with instances of laptops being resold without personal information being erased.
This is not the first time Staples has come under scrutiny for data privacy issues. A previous audit in 2011 highlighted similar problems, indicating that some of these issues persisted over the course of 15 years.
