Sarah Schmidt of Canwest News Service reports that a Staples Business Depot store in Ottawa sold a returned computer hard-drive on clearance that contained hundreds of personal files on it.
Although businesses have responsibility to protect information under PIPEDA, Staples has a warning on all of its receipts that says, “Customers are responsible for the removal and backup of all data [including personal information] from returned products.” So is this a case where both the store and the customer are responsible, or does the responsibility still rest with the company? According to a Canadian privacy lawyer, the notice on the receipts does not absolve Staples of its responsibility.