I have contracted with many government agencies over 16 years. This issue is a lot larger than your one customer. When the government mandates that drives containing sensitive material be destroyed, they mean it, and will not back down, no matter how logical your alternative. The security gurus, if you can call them that, take the approach, better safe than sorry. Rather than doing an expensive study to determine if data truly is gone when you write it over dozens of times with random data, it's just easier to mandate to smash the hard drive with a 10 pound sledge dozens of times. That said, if the hard drives aren't changing hands, it seems silly to me that they'd mandate you destroy all of the old drives and start the same project over again with all new ones...unless I'm missing something. As long as the drives stay at the same classification from the same agency, usually they don't have to go anywhere. However, if the data from the old project must go away, and the new project is unrelated, I might see why they want the old data destroyed. In my experience, though, if equipment never leaves the room, and the room never changes classification, it usually stays. Remember, it's a "better safe than sorry" situation with the government. They won't listen to an alternative, because it's a government-wide security mandate, and they never deviate from those. Given a choice between listening to your security officer and listening to your intellect, listen to your security officer every time. You'll keep your job and your security clearance.