Re: Investigating RDA ?
Would you do business with a PC shop that openly admits it examines data on PCs that pass through their hands?
The guys I use to get rid of my old technology routinely ask "any disks in this equipment" and if so part of their service is to definitively wipe or destroy (my choice) regardless of whether there's any data on the disks. Of course that does leave a matter of trust but in UK and probably most of Europe the act of looking at the data on any disks without permission would be an offence.
It's also an offence not to destroy the data before disposal so the school hasn't covered itself in glory either but do some not necessarily IT literate admin people think about that when there's a stash of redundant kit going to auction, maybe like this one https://www.sbcisd.net/apps/news/article/828912 with a mixed bag that might include Playground equipment, Sewing machines, Computers/TV's/laptops
OK so RDA are claiming to be acting in a public spirited manner because "he alleges some computers sold by the district went to foreign buyers" but wants the school to buy back the entire 514 machines (perhaps at a substantial mark-up?) AND he wants to rubbish the school's reputation and get his name in the headlines - well he succeeded in that.
Maybe the auctioneers have some responsibility too, did the sale catalogue make any explicit reference to the status of the disks. In my opinion they should be aware of risks inherent in what they are auctioning. If they were selling hand grenades I would expect them to state whether they were inactivated, dummies or contained detonator and explosive charge.
Bear in mind that the value of a completely wiped PC may be less than one that can be booted up into a valid operating system.
Not just from a security perspective any individual relinquishing control of a PC (a student at the end of the school year?) should ensure there's no personal data remaining, so should anyone responsible for disposal of obsolete kit and IMHO ethically, morally and possibly legally, anyone finding they are in receipt of personal data to which they are not entitled, is not entitled to use that for personal or financial gain.