Annual Report Issued: Company's Improvements Insufficient
PRIVACY LAW—CANADAJune 21, 2011
An audit by the privacy commissioner of Canada has found that Staples Business Depot stores failed to wipe clean the hard drives of devices intended for resale, despite commitments to address such problems. Included in a report to parliament on the Personal Information Protection and Electronic Documents Act (PIPEDA), which was tabled today and includes information on other ongoing investigations, Commissioner Jennifer Stoddart's audit found that the office supply store "did improve procedures and control mechanisms after our investigations," but they were "not consistently applied nor were they always effective, leaving customers' personal information at serious risk." The company had said it would take corrective action following two complaints to the commissioner. The audit found that of 149 data storage devices, one-third still contained customer data.