When you want people to do something for you that is tedious and just altogether easier to skip, nothing works better than cold, hard cash.

Staples Inc. should consider paying its customers to effectively wipe their data off of storage devices they are returning to the retailer. The payment could come in the form of a credit towards the replacement storage device they buy, or just a cash refund that is a small percentage of the overall purchase. But why would Staples want to do this, you ask?

Brian Jackson, Associate Editor, ITBusiness.ca
Brian Jackson, Associate Editor, ITBusiness.ca

Because the Richmond Hill, Ont.-based office supplies chain was the focus of an audit by the Privacy Commissioner of Canada after complaints were lodged against it for selling used disc drives with customer data still accessible on them. The audit was revealed when the commissioner filed her report with Parliament earlier this week. It wasn’t the first time Staples had come under scrutiny for this mistake either – the Alberta Information and Privacy Commissioner conducted an investigation in 2006.

After this, Staples agreed to conduct its wipe and restore procedure on any returned computer. But it excused computers that are certified in writing by the customer as having no personal, confidential, or sensitive information stored. As one commenter in our story mentioned, many Staples locations now has customers sign a form stating there is no personal data left on the memory products they return.

But the federal Privacy Commissioner’s audit shows this practice has failed to prevent the problem. That means that either customers are signing the form without really wiping their memory clean (either because they don’t bother, or don’t understand how to effectively accomplish it) or that Staples isn’t doing an effective wipe and restore procedure on the drives returned to it – or both.

If Staples is serious about relying on its customers to wipe their own data, and not just using the forms as a band-aid solution to remove liability, it should better inform them of how to wipe their drives clean. A simple Web page detailing instructions and recommending some freeware tools could help educate customers. But to actually make them follow through on it, Staples will need to cough up the cash incentive.

Financially, it’s a smart move – Staples would save money by not having to pay employees for the time it takes to wipe and restore a drive. Instead, some of that cash can go back to the customer. I’d also wager a guess that if you’re actually paying your customers to wipe their data, fewer customers will be motivated to file privacy complaints.

The Canadian Federation of Independent Business’ vice-president Ted Mallet told ITBusiness.ca that better consumer awareness was needed around data destruction, and that retailers can’t bear the responsibility alone. But in the end, Staples is governed by Canada’s private-sector privacy law that requires them to protect customer data, so it’s on the hook.

But by offering its customers cash, Staples might convince them to help bear the burden of stopping unnecessary data leaks.

Share on LinkedIn Share with Google+
More Articles

  • Dwayne Baldwin

    You bought the computer and you put the information on it. It is your data and your responsibility and has nothing to do with the retailer, reseller or government.

    What a complete a waste of time, money and resources to handhold a handful of negligent people.

    We don’t need CYA privacy laws, we need to educate people (including the privacy commissioner) that whenever you point your finger at someone else, you always have three fingers pointed at yourself.

    Canadians need to quit blaming others and take responsibility for themselves.

  • Gisabun

    I agree with Dwayne Baldwin. It is your data. You are responsible for it. Whether or not you are a novice or an exprert.
    Both Staples and the former owner are both responsible if data is left on media. Staples should be properly wiping any item they intend on reselling. They obviously haven’t.
    The former owner shouldn’t be putting anything on the media until they are sure that whatever they bought is what they want.
    Giving the consumer credit for something shey should be doing on their own is rediculous.

  • roliaz

    Whose responsibility is it to empty the file cabinets that are returned to Staples?

    Hey Brian, how much profit do you think is in a transaction? As a merchant they’d be very lucky to make $200.00 on a $1000.00 sale and now you’re proposing that they further pay the customer to wipe clean the unit.

    Maybe it should be this way, upon return the refund would be the purchase amount less $100.00 that would be refunded after inspection for damage and residual data. If it passed, the balance would be refunded if not the $100.00 covers the costs of drive restoration.

    I hope you’re better prepared when you present your next article.

  • Paying customers to wipe their data will in no way guarantee that they do (or do it properly). Its a bit shocking to me that companies like Stapled don’t routinely thoroughly clean the slate on any returned product they intend to resell if for no other reason than nothing pisses off a new customer more than being reminded they’ve gotten a rerun when they thought they bought new. And what about the liability a company like Staples must face if they resell a product a previous customer has infected with a virus or some other data time bomb? Cleanliness is next to Godliness…applies to computers too.

    Mark D Hughes
    Executive Director
    Institute for the Study of Privacy Issues (ISPI)

  • Dan

    Talking about privacy and security, why does your “My Latest Tweets” sidebar use bit.ly links. Bit.ly is spyware and has all sorts of security problems, in addition to the fact that Qadaffi has ultimate control over it.

  • Nobody needs useless data. unless it’s a home made porn 🙂 Othervise it will be wiped out anyway.