I posted this as a comment over on LinkedIn, but thought it was worth reposting on its own.
Privacy professionals can haggle over whether any given situation requires overwrite, multi-pass overwrite, degaussing, physical destruction or whatever else. The 99% issue is that people treat the trashcan icon on their computers as though it really and completely disposed of the file.
Closely related is the fallacy that your login password will protect your hard drive if your computer is sold / stolen.
I heard something recently at a conference which really struck a chord with me. It was about USB drives as attack vectors, but the argument applies very broadly.
We have spent many years trying to educate our way to computer security. It is very clear that is a failed strategy and given the relative immutability of human nature it is highly unlikely to ever be a successful strategy.
At this point, if I sell my password protected computer and that leads to my identity being stolen, shame on us as engineers who designed such a fragile system with such a huge and foreseeable failure mode.
We can argue about whether it should be a password or pass phrase, if there should be biometrics or other multi-factor authentication schemes, but lets at least make sure there is a door on the house and ensure that it is closed before debating tumbler lock vs. keypad.