The advice came after researchers from Glamorgan University found business execu- tives' passwords and user names on second-hand disc drives bought on the eBay auction site.
Sensitive information from financial services firm Skandia, food biotechnology company Monsanto and Scottish & Newcastle's pubs division was discovered on PCs acquired by Glamor- gan University, researchers said.
Businesses disposing of computers have a legal obligation under the Data Protection Act to ensure private data held on them is removed.
Kirstie McIntyre, manager of the waste electrical and electronic equipment programme at Hewlett-Packard, which offers IT recycling services to its customers, said, "The onus should still be on the customer to make their data safe, because it is their data."
Arthur Barnes, principal consultant at Diagonal Security, said, "If a company breaches the Data Protection Act, the responsibility rests squarely on the shoulders of the company's IT department, CIO and CEO."