One-in-10 second-hand hard drives still contain the original user's personal information, suggests an investigation by the UK's Information Commissioner's Office (ICO).
It purchased devices from auction sites such as eBay and computer fairs.
Of the 200 hard disks collected, 11% contained personal information.
At least two of the drives had enough information to enable someone to steal the former owners' identities, the watchdog said.
A separate survey by the ICO indicated that one in 10 people who had disposed of a mobile phone, computer or laptop had not wiped the device.
21% of users now chose to sell their old mobile phones, computers and laptops rather than get rid of them, it suggested. It added that the trend was even more common among 18-24 year-olds among whom the figure rose to 31%.
"We live in a world where personal and company information is a highly valuable commodity," said Information Commissioner Christopher Graham.
"It is important that people do everything they can to stop their details from falling into the wrong hands."
For its investigation, the ICO employed computer forensic firm NCC Group to source and scour around 200 hard drives, 20 memory sticks and 10 mobile phones.
Nearly half (48%) contained some information. 11% of the devices held personal information.
Among the 34,000 files found were scanned bank statements, passports, information on previous driving offences and some medical details.
Four of the hard drives came from organisations rather than individuals and contained information about employees and clients, including health and financial details.
All four organisations had been contacted, and had subsequently taken action to securely erase data on old equipment, the ICO said.
One - Safe and Secure Insurances Services Limited - has agreed to introduce further improvements.
"People are in danger of becoming a soft touch for online fraudsters," warned Mr Graham.
"Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered."
In response to its findings, the ICO has published guidance for individuals on how to securely delete information.