Staples Canada breached privacy rules: watchdog
OTTAWA (Reuters) - Staples Canada Inc has breached the country's privacy law after repeatedly failing to wipe sensitive personal information from computers returned by customers and put back on shelves for resale.
In an annual report released on Tuesday, Canada's privacy watchdog released the results of an audit it conducted on the Canadian unit of the office supply retail chain.
"Customers' personal information left on returned electronic devices was at risk at the end of our audit," said Valerie Lawton, a spokeswoman for the Office of the Privacy Commissioner of Canada.
Seventeen out of 20 computers and laptops tested by the commissioner contained customer data. In total, the commissioner tested 149 devices -- including hard drives and memory sticks -- and found customer data on 54 of them. It detected faulty procedures for protecting private data at 15 out of 17 stores checked.
Banking information, credit card statements, social insurance numbers and passport numbers were among the personal information found, exposing people to potential identity theft and fraud, it said.
"Our position is that if Staples and other retailers can't remove all customer data from a particular type of device, they should not be reselling that device," Lawton said.
Lawton said Staples informed the privacy commissioner on Tuesday it had created and implemented a more effective method of wiping laptops and other computers of all customer data.
"Clearly, we haven't had the opportunity to examine their new process," she said.
In a statement, Staples said it had responded positively to all of the privacy commissioners' recommendations well before the release of the audit and that it has adopted new practices as technology has evolved, exceeding the industry standard. Continued...