When you want people to do something for you that is tedious and just altogether easier to skip, nothing works better than cold, hard cash.
Staples Inc. should consider paying its customers to effectively wipe their data off of storage devices they are returning to the retailer. The payment could come in the form of a credit towards the replacement storage device they buy, or just a cash refund that is a small percentage of the overall purchase. But why would Staples want to do this, you ask?
Because the Richmond Hill, Ont.-based office supplies chain was the focus of an audit by the Privacy Commissioner of Canada after complaints were lodged against it for selling used disc drives with customer data still accessible on them. The audit was revealed when the commissioner filed her report with Parliament earlier this week. It wasn’t the first time Staples had come under scrutiny for this mistake either – the Alberta Information and Privacy Commissioner conducted an investigation in 2006.
After this, Staples agreed to conduct its wipe and restore procedure on any returned computer. But it excused computers that are certified in writing by the customer as having no personal, confidential, or sensitive information stored. As one commenter in our story mentioned, many Staples locations now has customers sign a form stating there is no personal data left on the memory products they return.
But the federal Privacy Commissioner’s audit shows this practice has failed to prevent the problem. That means that either customers are signing the form without really wiping their memory clean (either because they don’t bother, or don’t understand how to effectively accomplish it) or that Staples isn’t doing an effective wipe and restore procedure on the drives returned to it – or both.
If Staples is serious about relying on its customers to wipe their own data, and not just using the forms as a band-aid solution to remove liability, it should better inform them of how to wipe their drives clean. A simple Web page detailing instructions and recommending some freeware tools could help educate customers. But to actually make them follow through on it, Staples will need to cough up the cash incentive.
Financially, it’s a smart move – Staples would save money by not having to pay employees for the time it takes to wipe and restore a drive. Instead, some of that cash can go back to the customer. I’d also wager a guess that if you’re actually paying your customers to wipe their data, fewer customers will be motivated to file privacy complaints.
The Canadian Federation of Independent Business’ vice-president Ted Mallet told ITBusiness.ca that better consumer awareness was needed around data destruction, and that retailers can’t bear the responsibility alone. But in the end, Staples is governed by Canada’s private-sector privacy law that requires them to protect customer data, so it’s on the hook.
But by offering its customers cash, Staples might convince them to help bear the burden of stopping unnecessary data leaks.