
HIPAA Requirement
When I was doing desktop support for a healthcare organisation we were required to run a disk killer on any drive that we replaced with new. The old one got hooked into a burn system and the HDD overwritten in two passes - the first pass laid down ones, the second pass overwrote the ones with zeros.

While I can write the requirement into a project plan, I can also almost guarantee that someone will ask why that step is being taken. In a healthcare environment it is easily validated - HIPAA compliance is a major issue. Unfortunately, the compliance requirements in the Financial world are not yet as robust. Sure, we know that NPI data has to be protected but no one has set the bar on what that means. So data gets out.

And we continually fight the "Everyone but Me" battle - compliance is always meant for someone else to manage to.



Edit typo
Posted by Tig2
Updated - 15th Aug 2006