Staples resold devices holding consumer data Canada audit rips Mass.-based chain
By Jenn Abelson Globe Staff / June 22, 2011
Staples Inc. has repeatedly put consumers' data at risk in Canada by failing to wipe clean returned storage devices that contain sensitive information and are then resold.
Those findings were reported yesterday following an audit by the Office of the Privacy Commissioner of Canada. The audit included tests of storage devices, including computers, USB hard drives, and memory cards that had undergone a "wipe and restore'' process and were destined for resale.
Of the 149 devices tested, 54 contained customer data, including "highly sensitive personal information'' such as health card and passport numbers, academic transcripts, banking information, and tax records.
"Our findings are particularly disappointing given we had already investigated two complaints against Staples involving returned data storage devices and the company had committed to taking corrective action,'' Canada's privacy commissioner, Jennifer Stoddart, said in a statement. "While Staples did improve procedures and control mechanisms after our investigations, the audit showed those procedures and controls were not consistently applied, nor were they always effective - leaving customers' personal information at serious risk.''
...