- What are the consequences of it getting in the wrong hands? Self explanatory, but probably the most important one. What are the consequences of a leak, and what ramifications does it have for you or others?
- Can the data be reset or revoked easily? For example, I would consider a password for this forum to be less sensitive than a scanned copy of a birth certificate or passport.
- How easy is it for the data to end up in the wrong hands? Encryption makes it a lot harder, and so you may be able to afford to spend less time destroying it, generally one random pass and a zero pass will do the trick.
- How likely is it to end up in the wrong hands? Unless the orphanage you're donating the PC to is full of evil hackers from the Netherlands, the data is not as likely to end up in the wrong hands as leaving it out on the side of the road or in a dumpster.
- How capable and motivated are your worst adversaries? So let's say the orphanage is called "Kwaadaardige hackers van Nederland die van Google Translate houden, verenigen zich!" They may have more resources than an orphanage called "Niets om hier te zien, ga mee!" who aren't interested or capable of accessing your personal data, and just want to watch the latest episode of Game of Thrones.
I like using the ATA secure erase first to hit the bad/reallocated sectors (that tools like nwipe can't get to), then use something like nwipe. On an SSD I might use a second round of ATA secure erase, which resets the drive to its factory state.
One use for ATA secure erase isn't even security related: if I have to reinstall the OS for some reason I like to start with a clean slate.
The main disadvantage of my method is time, particularly with a HDD.