BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Staples resold laptops with customer data, audit finds

From: security curmudgeon <jericho () attrition org>
Date: Thu, 23 Jun 2011 02:05:04 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.cbc.ca/news/technology/story/2011/06/21/technology-staples-business-depot-privacy-commissioner.html

CBC News
Jun 21, 2011

Staples Business Depot has breached Canadian privacy law by not fully 
wiping customer data off laptops and storage devices returned by customers 
before reselling them, Canada's privacy commissioner has found.

Banking information, tax records, social insurance numbers, health card 
and passport numbers, as well as academic transcripts were among the 
information found on 54 of 149 tested data storage devices destined to be 
resold by Staples during an audit by the office of Privacy Commissioner 
Jennifer Stoddart.

"The position of our office is that if Staples is unable to remove all 
customer data from a particular manufacturer?s device, it is unacceptable 
to resell that device," said a summary of the findings.

The audit was part of Stoddart's 2010 report tabled in Parliament on 
Tuesday in compliance with Canada's Personal Information Protection and 
Electronic Documents Act (PIPEDA), meant to protect the private 
information that consumers give to companies in the course of doing 
business.

The privacy commissioner's office tested computers, laptops, USB hard 
drives and memory cards that had already undergone a "wipe and restore" 
process intended to delete data. The devices most likely to contain 
customer data were laptops, where it was found in 17 of 20 cases.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: