The federal privacy watchdog has discovered that Staples Canada did not completely erase personal data from returned laptops that were later resold. According to the Office of the Privacy Commissioner of Canada, an examination of laptops returned to four Ontario Staples stores revealed that 23% of the devices still contained personal information such as names, email addresses, account details, email snippets, and partial facial images.
Staples has been given a nine-month deadline by the privacy commissioner to establish clear guidelines for data wiping procedures, enhance employee training, and engage an independent third party to annually inspect returned devices.
The investigation into Staples’ data practices was initiated following claims by a former sales associate that laptops were not consistently wiped clean upon return. It was reported that some computers still displayed the previous owner’s username and password, while at least one resold laptop retained personal information from a previous user.
This is not the first time Staples has faced scrutiny over data security, as a previous audit in 2011 raised similar issues. The recent investigation has revealed that some of these concerns persist even after 15 years.