What about the dump
I've never been in the position of needing to dispose of computers which were too old for the business but still new enough to sell used. More than once however I've been faced with a roomful of old PCs which need to be thrown away in a sensible manner and it's extremely tempting to just put them in a van and take them to the dump.
Destroying the data is tedious and time-consuming - even just bashing the hard disk with a hammer requires unassembling the case and taking the disk out. Software kill is just as bad as you have to plug it into keyboard and monitor, power it up, fiddle with the BIOS to get it to boot DBAN and so on. Don't even get me started on thermite laser chainsaws from orbit.
There's no excuse for failing to secure sensitive personal data. But in practice some guy's boss is nagging him "why haven't you cleared out that old crap yet like I told you" and he's going to take the easy option, especially if it "only" means exposing a bunch of old emails nobody cares about.