Hard drives have a lot of data on them. Most of my personal experience has been around the pain and hassle of getting my information back off of a hard drive which failed or was dropped. The time and expense made me wish I had kept a backup.
The principle of a backup is that if you have two computers, and one is easy to log into and get the information off of, and the other is exceedingly difficult, that you would boot up the former.
If you don't back up your drives very regularly, you better hope that the computer that broke is the older one. Some information, like social security numbers, doesn't change much (unless maybe there was a birth or a death between the older and recent backup). Other information, like passwords (hopefully) and credit card IDs does change over the years.
The more recent data is probably on a newer computer. It is probably more valuable to a thief looking to resell a computer, and that person is also not one you want to have your hard drive information. These two concerns come together when a laptop is stolen from the back of a car.
Here is where I think some people's concept of risk de-links from reality.
If someone is stealing a 486 or Pentium 1 computer, when there is a Pentium 4 right next to it, you should either be very, very, very concerned or have a good laugh. The only thing that would give the Pentium 1 computer value would be if there was very specific data on it, specific to you, which no one else should know. Maybe it is your soon to be ex-wife, who is getting porno pictures to win custody in your divorce case. Yes, that would be a concern.
Or maybe the thief is an illiterate mountain man who thought the Pentium 1 was more valuable because it was "bigger". That would maybe be a good laugh, because you are happier that they didn't take your Pentium 4, and now the Pentium 1 with its hard drive is even farther from your ex-wife-to-be.
If you are concerned about data that is only of use to a few people - a competitor, or a foreign espionage agent, a nosey neighbor, I would argue the PC is safer in an anonymous pile, a hundred miles away, than it is in plain sight on the floor of your office.
Now, let's take NPR, speaking to millions of people, about one million computers.
For the purpose of discussion, let's say that 500,000 of the computers are Pentium 4, and 500,000 are ancient Pentium 1s. What is the risk to the public?
One school of thought is that all the PCs should always be wiped. That all 1m computers should be wiped in all cases.
The opposite point of view is that none of the hard drives should be wiped, if they are all mixed up, the odds of your personal information coming out are just a few in a million. Because let's face it, there is no factory of Iranian students taping shredded paper back together (a concern about exporting shredded paper from a few decades back), and there is no factory scale operation snooping for anecdotes for divorce cases. Or for that matter, no scaleable operation looking for credit card or bank info in this way - those operations are modernized and look for the credit card data through other means, such as spyware and phishing schemes, not by physically buyer hardware and seeing if it boots up and if it doesn't boot up, repairing the hard drive and doing data recovery on it to find the credit card information.
Real Life: If all million computers were sitting in my warehouse, and my warehouse was broken into, the Pentium 4s would be gone, and the Pentium 1s would still be there in the morning. The divorce lawyers would not be in the mix, because the very personal data is already a needle in a haystack just by being commingled in the warehouse.
The risk, in other words, is a factor of the free market. The more desirable your computer is, the more steps you need to take to protect its data. But the people stealing computers for the value of the computer are only going to take a random interest in reading your files. If there's porno on the stolen hard drive, they've probably already seen it and are not definitely not going to satisfy their jollies by stealing and rebooting hardware.
If it's desirable because you work for the Department of Defense, and nations hire spies to get your information, your standard should not be to wipe true data and rewrite false data. You should be putting false data, and spyware, onto your PCs and allowing them to be stolen. It's called counter-espionage. But for your rank and file, meanwhile, you want to destroy all the hard drives no matter how old.
For NPR's 1 million computers, here's the fact. The most valuable thing on a used PC today is Adobe Photoshop, or Quickbooks, or Microsoft Office Pro. There is typically $800 worth of software on a used P4 that has a resale value of $100.
So there is a risk, and Good Point Recycling has a policy for wiping hard drives. But our policy, like "women and children first", is that the more modern and valuable the PC, the sooner we are going to wipe and reformat it. If it is a Pentium 1 or a 486, it will get destroyed week to week by a crew of laborers who remove the screws and sort the scrap plastic and metals. The tech department throws higher end P4 hard drives into the same pile if they have been hammered and ruined. Certain clients pay to have their hard drives destroyed in an orderly fashion, and that involves even the truck driver (to document chain of custody) and destruction within 24 hours. We don't turn that business away, and we are very good at it.
But if someone on NPR suggests that people should not be recycling their computers, or hitting their 486s with drill presses, it kind of sets off a Keystone Cops escapade of citizens calling my office to ask me to account for the day and time their Pentium 1 was destroyed in 2006. Most of those people brought their computer to a trailer where it sat for weeks at the town dump before we came and got it.
But I answer them patiently, because I know they are really concerned.
Here are my 3 favorite, most told stories about hard drives:
In 1999, when we held our first computer drive, I was trying to resell and repair as many as I could in a thrift store. That meant booting them up and erasing personal files, so that I could leave the original license on the computer and advertise it with the Adobe, Microsoft, etc. licenses still on it, adding hundreds of dollars in value to the thrift store customer. Within a week of trying it this way (and I was just one of 3 employees), I booted up a PC with a folder on it that said "Divorce". I was bitten simultaneously by curiosity and horror at my curiousity, like a high school teacher that saw a sexy cheerleader. I realized then and there that my method, whose sole intention was to preserve software value, was not scaleable, because I could not entrust that to employees.
Later in my career, one of the older ladies who had brought in a PC came in with second thoughts. She said she had donated it to us in the collection event, but now she was concerned that a young person might get the PC and use it to look at pornographic images. I thought she meant she had some on there and assured her it would be either destroyed or wiped. She said destroyed is fine. But she asked how wiping it will keep a young person from going online and downloading sexy images in the future? That my friends is a tough bar to leap over.
My third story goes even farther back, to when I was in the waste paper business at Earthworm Recycling in Boston. A big law firm that we collected waste paper from called and said there was a panic because they were missing a $6 Million bond note. One of the employees thought it might have been thrown out with the recycling. We told them the collection was a few days ago and the paper was probably baled by now. They sent 4 people to the baling plant, I guess with the idea that they could look through 100 tons of office paper and find their bond note. They looked at the piles of paper in front of the baler, and at the bales. "I'll tell them it's been shredded" said the lawyer, and he left.