According to a November 2005 Gartner Inc. survey, nearly 80% of companies said that "managing data security and privacy risks' were very important or most important when disposing of obsolete hardware." Yet 30% admitted they had no policy for ensuring the security of used equipment.
Frances O'Brien, research vice president at Stamford, Conn.-based Gartner, said that despite the increased concern, there is still a vast amount of used hardware out there with recoverable corporate data on it. She points to a 2003 study conducted by Massachusetts Institute of Technology students on 158 disk drives bought from auction sites, PC retailers and salvage companies. It found that 74% of the drives contained recoverable data -- including company financials, credit card numbers, medical records, sensitive e-mails and pornography.
One company that I have worked with has a small drill press in the IT department--- a quick, inexpensive shredder program followed by six 1/4 inch holes pretty much does the trick.