Data that has been deleted or incorrectly sanitised can be easily recovered, leading to significant amounts of data remaining present and accessible.
This data might be attractive to certain threat actors seeking to exploit ineffective procedures, potentially resulting in the disclosure of sensitive information, reputational damage and regulatory breaches.