Staples resold laptops with customer data, audit finds
eHarmony investigated over data retention
CBC News
Posted: Jun 21, 2011 10:23 AM ET
Last Updated: Jun 21, 2011 10:13 PM ET
Staples Business Depot has breached Canadian privacy law by not fully wiping customer data off laptops and storage devices returned by customers before reselling them, Canada's privacy commissioner has found.
Banking information, tax records, social insurance numbers, health card and passport numbers, as well as academic transcripts were among the information found on 54 of 149 tested data storage devices destined to be resold by Staples during an audit by the office of Privacy Commissioner Jennifer Stoddart.
"The position of our office is that if Staples is unable to remove all customer data from a particular manufacturer’s device, it is unacceptable to resell that device," said a summary of the findings.
The audit was part of Stoddart's 2010 report tabled in Parliament on Tuesday in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), meant to protect the private information that consumers give to companies in the course of doing business.
The privacy commissioner's office tested computers, laptops, USB hard drives and memory cards that had already undergone a "wipe and restore" process intended to delete data. The devices most likely to contain customer data were laptops, where it was found in 17 of 20 cases.
Customer data was found on devices from 15 of 17 stores audited in seven provinces: B.C., Alberta, Manitoba, Ontario, Quebec, Nova Scotia, and Newfoundland and Labrador. Staples has 300 stores across the country.
The privacy commissioner does not have the power to impose sanctions, but it recommended that Staples review its data-wiping process and implement controls to ensure personal data is not disclosed.
"Until our recommendation on wiping customer data is fully implemented, personal information will continue to remain at risk and Staples will not meet its obligations under PIPEDA," the report said.
In a statement Tuesday, Staples said it co-operated fully with the privacy commissioner's office and responded "positively" to all the recommendations.
"Further, Staples has implemented changes that exceed current industry practice to remove personal data from returned memory devices," the company said.
Contrary to what was in the report, the company said its practices "meet the level requested by the Privacy Commissioner."
Staples added that "many of the issues covered in the audit represent industry-wide challenges" and the company supports the development of industry-wide standards for privacy protection.
Staples told the privacy commissioner's office that it was actively testing several ways of wiping data from returned storage devices.
However, it said overwriting the data — the most reliable method and the one recommended by the privacy commissioner's office — was not an option because that could damage some of the devices.
The company was also at odds with the privacy commissioner's recommendation that it only keep online print and copy orders as long as necessary for the client to check if there were issues related to print quality, in keeping with PIPEDA. Staples responded that it believes storing the submissions for one year is appropriate.
Stoddart said her findings were "particularly disappointing" given that her office had already investigated previous complaints involving returned storage devices, in 2004 and 2008, and Staples had committed to corrective action.
EHarmony issue
The report summarized a number of other investigations, including a complaint about eHarmony, a popular U.S.-based online dating website.
A Canadian customer complained that eHarmony had not complied with her request to have her account deleted.
The company told the privacy commissioner's office that was because 40 per cent of customers reactivate their accounts within a year.
However, following the investigation, it agreed to give customers a choice between deactivating and deleting their accounts.

