There are companies out there that physically shred the disk drives - think of a paper shredder on steroids. And, they can provide a statement of physical destruction. Depending on the type and nature of information, this may be the best route to take - especially if you never want to hear your own or company name in the paper for "found data". I have used these services in prior jobs - when the data necessitated it.

Next best would be a combination of program destruction - as already discussed, and some physical destruction. It would at least deter the casual snoop to data.

The prevailing issue needs to be the kind of information and the need for protection. Obviously, credit card transactions or individual finance/health records would be more important than 5-year-old inventory logs from a supplier; and thus would need "better" destruction.