It's predictable like the change of the seasons. Every year systems come off lease or are fully depreciated and its time dump the old and bring in the new. But just how careful are you about erasing data from old systems? Recently in a press release, Forensics vendor Kroll Ontrack said that it bought five enterprise owned used systems on EBay just to see how much data it could recover. The company says it retrieved about 60% of what had been stored on those systems.
I have to admit to worrying about this a couple years ago when my personal desktop gave up the ghost. I had TurboTax documents on it and probably a bunch of other stuff I didn't want anyone to see (ok, I definitely did). My solution was to open up the system, remove the hard drive and then beat the drive to a pulp with a hammer. Neanderthalic, but effective - and oddly cathartic.
It's probably not reasonable to flatten every hard drive you retire from your enterprise - though I highly recommend leveling a few yourself. There's plenty of software out there that will wipe the drive and then write and rewrite bit patterns until you tell it to stop. Simply hitting the delete key is certainly not enough, and the more sensitive the data the more you should make sure that even the forensics folks can't read the drive. They're not all white hats.
Now this notion of seeing what you can find on used systems sold on eBay is another matter - of course no one reading this blog would troll for credit card numbers or other personal information, but maybe Rush Limbaugh could pony up a few mil for anyone who can find his old Oxycontin prescriptions... It's all good clean fun.