1. Home
  2. General Telecommunications Forum
  3. Staples resold devices holding consumer data

Staples resold devices holding consumer data

Staples resold devices holding consumer data Canada audit rips Mass.-based chain

By Jenn Abelson Globe Staff / June 22, 2011

Staples Inc. has repeatedly put consumers' data at risk in Canada by failing to wipe clean returned storage devices that contain sensitive information and are then resold.

Those findings were reported yesterday following an audit by the Office of the Privacy Commissioner of Canada. The audit included tests of storage devices, including computers, USB hard drives, and memory cards that had undergone a "wipe and restore'' process and were destined for resale.

Of the 149 devices tested, 54 contained customer data, including "highly sensitive personal information'' such as health card and passport numbers, academic transcripts, banking information, and tax records.

"Our findings are particularly disappointing given we had already investigated two complaints against Staples involving returned data storage devices and the company had committed to taking corrective action,'' Canada's privacy commissioner, Jennifer Stoddart, said in a statement. "While Staples did improve procedures and control mechanisms after our investigations, the audit showed those procedures and controls were not consistently applied, nor were they always effective - leaving customers' personal information at serious risk.''

...

formatting link

Reply to
Monty Solomon
Loading thread data ...

I know that this is not a popular approach but what about the users who returned the storage devices to Staples. Why do we expect to be taken care of when we are doing stupid stuff.

-- Tom Horne

Reply to
Tom Horne

It wouldn't surprise me at all if the customers (at least many of them) were *not* doing something stupid. A lot of "returned" drives may be returned because the customer is upgrading to a bigger drive, or is swapping drives because the old one is starting to not work correctly. Or, he's trading in a whole computer for a new one. Also, the store may use "spare" drives to temporarily hold user data for an OS upgrade onto the same drive, and the user may never know this.

Either way, it's fairly common for a store's tech support to offer to copy customer data from one drive or system to another, either as part of the deal or for a modest fee. Microsoft offers software to do this (Windows Easy Transfer), and maybe they have more specialized, more automatic software for this job. Even with failing drives, much of the data can often be retrieved unless it's completely dead. You'd expect the customer to not wipe the drive: they'd lose their data. If they think to ask, tech support will say that the old data will be wiped off the old drive. I even see that mentioned on TV commercials as a selling point for a new computer: the upgrade is painless.

If you're going to offer a service to copy customer data, it's irresponsible (and likely false advertising, as stores claim it's "safe and secure") to not follow through and wipe the old copy if the store is retaining, then reselling that drive.

Reply to
Gordon Burditt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.