The federal privacy watchdog has determined that Staples Canada failed to completely erase personal data from returned laptops that were later resold. The Office of the Privacy Commissioner of Canada conducted an analysis on laptops brought back by customers to four Staples stores in Ontario. The investigation revealed that 23 percent of the laptops contained personal information such as names, email addresses, account details, email snippets, and partial facial images.
As a result of the findings, the privacy commissioner has instructed Staples to establish clear procedures for wiping devices, enhance employee training, and engage an independent third party to annually check returned devices. The probe into the retailer’s data practices was initiated following allegations from a former Staples sales associate claiming that laptops were not consistently cleared of data upon return.
The complainant highlighted instances where computers were retained with the previous owner’s login credentials visible on the device. Furthermore, a laptop was reportedly resold with personal information from a previous user still present. This incident echoes concerns raised in a previous audit of Staples conducted in 2011, indicating that certain issues persist even 15 years later.