Companies and individuals aren't bothering to destroy data on hard drives before disposing of them, according to a BT-funded report by Glamorgan University.

Researchers probed over 300 second-hand hard drives and found everything from company secrets to material they handed over to the police to investigate for possible paedophile crimes. Many were laden with porn.

On many of the drives data had been deleted using the Windows delete function or by reformatting, both of which are easily reversible.

A quarter of the drives came from individuals who could be identified by the data left on the drive. Over a third came from businesses, of which 23 per cent could be identified from the data and five per cent of which contained sensitive company information. The rest could not be identified.

BT funded a similar study in 2005 and this year's report showed little improvement.

Dr Andy Jones, head of Security Technology Research at BT, who led the research said: "Given the level of exposure that the subject has received in recent times, the availability of suitable tools to ensure the safe disposal of information, increasing legislative pressure and the increasing literacy of computer users, it is difficult to understand or explain why there is such poor implementation of this knowledge and tools in ensuring that disks are effectively cleaned before they are disposed of.

"When organisations dispose of surplus and obsolete computers and hard disks, they must ensure that, whether they are handled by internal resources or through a third party contractor, adequate procedures are in place to destroy any data and also to check that the procedures that are in place are effective."

Dr Andrew Blyth, who leads the research team at the University added: "This research proves that companies and individuals still need to take this issue of the disposal of information stored on hard drives more seriously. Just from looking at this random sample it is obvious that there are millions of hard drives on public sale that still contain highly confidential material."

The drives were purchased from auctions in the UK, US, Australia and Germany. The UK fared relatively well in terms of wiping the drives – a quarter of the drives sourced there were wiped.