Staples stores in Canada have some explaining to do after a government audit found evidence that the office supply chain was violating Canadian privacy law by selling used computers and storage drives that still contained data belonging to the previous owner.
According to the CBC, the Canadian Privacy Commissioner’s office performed an audit or 149 storage devices (computers, USB drives, and memory cards) that had supposedly undergone a memory wipe and were intended for resale by Staples. Unfortunately, the audit still managed to discover data — anything from bank and tax information to passport numbers and academic transcripts — on 54 of the devices.
Laptops had the highest incidence of residual data, with 17 of 20 audited computers still containing data after going through Staples’ memory wipe procedure.
The problem was not localized to one store or region, as the audit looked at 17 different stores in seven provinces. Only two stores’ devices showed no evidence of leftover data.
“The position of our office is that if Staples is unable to remove all customer data from a particular manufacturer’s device, it is unacceptable to resell that device,” writes the Privacy Commissioner in her report.
Unfortunately, the commissioner can’t impose sanctions on Staples, though she has asked the company to review its wiping procedure.
“Until our recommendation on wiping customer data is fully implemented, personal information will continue to remain at risk and Staples will not meet its obligations under [the Personal Information Protection and Electronic Documents Act ],” her report said.
Staples responded to the report by saying it “has implemented changes that exceed current industry practice to remove personal data from returned memory devices… many of the issues covered in the audit represent industry-wide challenges.”
Regardless of where you take your old computer or storage device, it’s in your best interest to do the memory wipe yourself before handing it over to anyone else.
Any recommendations from tech-savvy readers on how best to wipe out all that personal information?
Thanks to Ed for the tip!