Protecting PCs doesn't stop when they are still being used by employees; it continues to the very end of a machine's life -- the day when it heads to the dump.
This was underscored recently by a NASA audit that revealed a number of security failures connected to machines slated for disposal. At NASA's Ames Research Center in California for example, there was no "sanitation verification testing" for PCs at the end of their life cycle. The situation was found to be the same at the Lyndon B. Johnson Space Center in Texas.
And the audit also found that 10 computers from the John F. Kennedy Space Center in Florida had been released to the public despite failing sanitation verification tests -- meaning they had not been properly wiped. Four other computers that failed the tests were confiscated by the auditors when they found the machines were being prepared for sale or release to the public.
"When we tested the confiscated computers, we discovered that one contained data subject to export control by the International Traffic in Arms Regulations (ITAR)," according to NASA's report (PDF).