Companies and organisations are still failing to put in place adequate procedures to safeguard the personal details of their employees and customers according to research from BT.

BT, working in conjunction with universities in the UK, Australia and the US, bought 300 second-hand hard drives from online auction sites and computer fairs and found a significant number - 37 per cent - still contained sensitive data.

Analysis showed that this included salary details, bank and credit account details and hospital/medical data. This left both organisations and individuals exposed to a range of potential crimes. These organisations had also failed to meet their statutory, regulatory and legal obligations.

BT said its findings show there has been no significant improvement on results obtained in 2006 and 2005; this showed the number of disks still containing information was 34 per cent and 52 per cent respectively.

Dr Andy Jones, head of security technology research at BT, said: “Given the level of exposure that the subjects of security and identity theft has received in recent times and the availability of suitable tools to ensure the safe disposal of information, it is difficult to understand why disks are still not being effectively cleaned before they are disposed of."

The research carried out by BT and the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the USA also showed a substantial mixture of corporate and personal data. BT said this suggests that many users are working on corporate data at home.

Dr Andrew Blyth, who leads the research team at Glamorgan University, said the findings raised some serious concerns:"There are likely to be millions of hard drives on public sale, right now, that still contain highly confidential material."