Canada’s privacy watchdog, Jennifer Stoddart, is no slouch when it comes to aggressively enforcing her mandate – providing the strongest possible privacy protection for Canadians, in an era of constantly evolving risks to privacy.
Stoddart has successfully taken on Google, Facebook, and a multitude of transgressors intent on violating Canada’s federal privacy law – the Personal Information and Electronic Documents Act.
As part of her annual report, released yesterday, Stoddard outlined what she described as a “long-standing problem” – Staples Business Depot’s failure to fully wipe customers’ personal data – including government-issued identification numbers, financial statements, employment histories, medical information, e-mail messages, personal correspondence and photographs – from computers, laptops, USB Hard Drives, and memory cards, prior to resale. A stunning violation of the Personal Information and Electronic Documents Act.
But why be polite? Rather than a just a violation of the privacy act – what we’re really talking about is; a negligently stupid lack of consideration for the privacy of the people who pay the bills – the customer.
Stoddart’s common sense position: If you (Staples) can’t remove all customer data from a device, then don’t sell it.
In a rather pathetic response, Staples Business Depot tried to weasel out of the blowback from what is clearly an embarrassing and perhaps legally challenging (although, this remains to be seen) situation, by describing the data wipe process as ineffective. Theoretically technically true – but, disingenuous nevertheless.
Short of melting down a Hard Drive’s platter/s, there is always a risk (theoretically), that deleted/overwritten data can be recovered. But, an average user is not up against James Bond, the CIA, the FBI, or a computer forensic specialist running an application such as OSForensics – which I have reviewed here.
Some practical advice:
If you are ever in a position where you find it necessary to return a storage device for a refund or replacement, do not trust that the merchant will apply proper security precautions. Instead, run a reliable utility designed to erase and overwrite data on the storage device.
To learn how to do this using the freeware application File Shredder 2 – read the companion piece to this article – Delete Data Permanently With Free Free File Shredder 2 – which I posted immediately following this article.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.