In a modern medical practice, most data is stored electronically. National Privacy Principle 4.1 states:
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
So when a hard drive belonging to one of our server’s RAID arrays failed, I couldn’t just throw it in the rubbish bin. I had to do my best to prevent any data being recovered from it in the event someone should try. With a working disk I would have used software to overwrite the data on the disk, but in this case more extreme measures were called for.
Although it might still be possible for some data to be recovered from the drive, an organisation with the resources to do so probably already knows more about our patients than they do about themselves.