Around one in five mobile phones and PDAs bought second-hand still contain
sensitive information that could be used by criminals.
Researchers from BT, the University of Glamorgan in Wales and Edith Cowan
University in Australia bought 161 used gadgets from various places, including
eBay.
These everyday items now contain sophisticated digital memory capable of
storing huge amounts of sensitive data. Personal information about the previous
owners or the companies they worked for was found on 43 per cent of the items
examined.
This included data such as bank account or personal medical details or
important company data. Using commercially available software, the researchers
were able to extract enough information from the simplest mobile phones to
identify the phone’s previous owner and employer.
In the wrong hands, this poses a significant threat to both the individual
and their employer. Organisations that had donated some of the devices had also
failed to meet their statutory, regulatory and legal obligations.
Dr Andy Jones, head of information security research at BT, who led the
survey, said: “Given the level of exposure that the subject of security and
identity theft has recently received, and the availability of suitable tools to
ensure the safe disposal of information, it is difficult to understand why
organisations are not taking the necessary precautions when disposing of
handheld devices.”
Many large organisations currently dispose of obsolete handheld devices by
donating them to charities.
It was discovered during the course of the research that a number of these
charities then pass on a large percentage of these devices to places like China
and Nigeria, both of which are regarded as posing a real threat to the security
of information.
The devices containing the greatest volume of information were discarded
BlackBerry devices, which in a number of cases were left unprotected, despite
having security features such as encryption built in.
In one example, a BlackBerry was examined that had been used by the sales
director for Europe, the Middle East and Africa of a major Japanese
corporation.
It was possible to recover the call history, the address book, the diary and
the messages from the device. From the information these provided, the
researchers were able to read the organisation's business plan for the next
period and customer details.
The sales director’s personal details were also recovered, including details
of their children, their occupations, movements, his dental and medical care
provider, plus bank details; even the make of his car and registration.