Staples resold the devices without removing the data, which resulted in the improper disclosure of personal information to other customers. In both instances the devices were returned with personal information about the purchasers residing on them. Both complaints related to the purchase and subsequent return of a data storage device. Office of the Privacy Commissioner of Canadaįollow us on Twitter: Minister of Public Works and Government Services Canada 2011ĭuring the period covering 2004 - 2008 the Office of the Privacy Commissioner (OPC) investigated two complaints wherein it was alleged that Staples Business Depot (Staples) failed to adequately protect personal information under its control. Shared user identification and passwords puts customer data at riskĪppendix A: Recommendations and ResponsesĪppendix B: Principles under Schedule 1 of PIPEDA considered during this audit Section 18 of the Personal Information Protection and Electronic Documents Act Final Report.Customer data discarded in waste baskets and recycling bins.Documents containing customer’s personal information are not always stored securely.Personal information found on data storage devices destined for resale.There is no follow-up to verify that data has been wiped on leased business machines.Records attached to print/copy orders are retained longer than necessary.Opt-in (express) consent is obtained for marketing purposes.Collection extends beyond what is required to assess credit risk.There is a lack of transparency surrounding trans-border data flows.Customers are not always informed of the purpose of collection.Life Cycle Management of Personal Information. ![]() Compliance monitoring activities need to be strengthened.Process for managing privacy breaches is in place.Privacy policies and procedures provide framework to protect personal information.Roles and responsibilities are clearly defined and understood.
0 Comments
Leave a Reply. |