Skip to main content

Canadian Privacy Commissioner criticizes Staples

The Canadian Privacy Commissioner, Jennifer Stoddart, has found that Staples Canada Inc. failed to fully wipe customer data from returned devices such as laptops, hard drives or USB keys prior to reselling them.
The Staples audit included tests on data storage devices (ie. computers, laptops, USB hard drives and memory cards) that had undergone a "wipe and restore" process and were destined for resale.  Of the 149 data storage devices tested, over one-third (54 devices) still contained customer data - in some cases, highly sensitive personal information such as Social Insurance Numbers, and health card and passport numbers; academic transcripts; banking information and tax records.

This brings a few questions to mind.

Who are these individuals who would return a device to a store, and blindly trust that the store will do what is in their best interest, rather than in the store's best interest.

The privacy commissioner stated that:
...although Staples generally has good privacy practices, it had not met its obligations under Canada's private-sector privacy law with regard to returned data storage devices.

How many organizations have a policy regarding data storage devices, and the safeguards around their disposal?  I would imagine that most do, but that won't protect the individual consumer.

Personally, I'd like to know the policies of a store before returning data storage hardware, such as cell phones (did you wipe the address book before you returned it?), smartphones (same goes for emails), USB drives, laptops, external hard drives, internal hard drives, computers, or memory cards to them.

I'd want to know if they wipe them, a little bit about how they wipe them, and as a purchaser of previously purchased goods, I'd want to know if the device had been checked for viruses and other malware.

And the next time I return hardware to a store, or purchase a previously purchased device, I will ask.

Comments

  1. [...] a training program, and documented procedures, what are the chances that something like this may happen more and more often? Posted in Uncategorized SHARE THIS Twitter Facebook [...]

    ReplyDelete

Post a Comment

Popular posts from this blog

Error 217 - Error creating product object on Domino 64 bit

I'd like to share something with you.   An error that you'll get if you are trying to use ODBC with Domino 8.5.1 64bit. It starts out with an agent error of Error 217.  The text of the error is "Error creating product object" You can read about it here on the Notes/Domino forum . You can find the solution here as well . I guess I'm now waiting for Domino 8.5.2 for a solution for this.   It would have been nice to have had this in the release notes.  It would have help me greatly.

Fun Little Earthquake

It's 1:45pm EST in Ottawa, Ontario, Canada. We just had an earthquake.  Not strong enough to damage anything, but enough that I watched people run out of buildings. What a fun Wednesday.

Reminder: Increase the maximum available memory on your Lotus Notes client JVM today!

Yup, that's right.  Public Service Announcement time. If you haven't increased the maximum memory available to your Lotus Notes JVM yet, what are you waiting for? By default, the Notes JVM only has 256mb of memory available to it.  On a system with 4GB+ of memory, you should be easily able to increase it to 1/4 to 1/3 of the system memory and improve the end user performance. Here's how: Shut down Lotus Notes. In order to make sure that all processes are stopped, run this command:  Start -> Run Type: C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe -kill Open: C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\deploy\ Open the "jvm.properties" file in a text editor like notepad.  You will possibly require Administrator permissions. At the beginning of the file, you will see text surrounded by a lot of pound signs ####. The first ‘property’ after the last # sign is: vmarg.Xmx=-Xmx256m Change 256m to 1024m so that the line reads: vmarg.X