but who is responsible?
the guy in charge,
or the over worked IT guy who wasn't properly allowed the time and space to actually wipe the machines?
it's all very well to say use DBAN, but if you do that where the PC is set up then you will get complaints from the guys who see their desk space being used by a useless box sitting in the way of their upgrade.
And I doubt that the IT offices are large enough to store a mountain of computers whilst they were waiting for the time to get around to wiping them before disposing of them...
I'm not defending them, just suggesting it's probably not that the person who put these there was likely up against it and it was just something that was overlooked.
or perhaps this is a good call to have a situation where no data is actually on the machines, and is instead only accessed, from some kind of large centralised database
(bring on the big databases... umm no wait,, I can't believe I just said that).