It is not uncommon to be able to retrieve information after a format.
I deal with sensitive information daily and there are procedures to ensure data is removed properly. You might want to take a look at the following...
http://opal.msu.montana.edu/desktop/dod5220.htm
Sanitizing a hard disk requires one of the following:
a. Degauss with a Type I degausser
b. Degauss with a Type II degausser.
d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.
m. Destroy - Disintegrate, incinerate, pulverize, shred, or melt.
We use option m.
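
Option d above (overwrite with a character, its complement, then a random character, and verify), shown for a single regular file as an added example that is not part of the original post. The function names, the default character 0x55 and the 1 MiB chunk size are assumptions made for illustration.

```python
import hashlib
import os
import secrets

CHUNK = 1 << 20  # 1 MiB per write (assumed value)

def _write_pass(fd, size, make_chunk):
    """Overwrite [0, size) and return the SHA-256 of what was written."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = make_chunk(min(CHUNK, remaining))
        view = memoryview(block)
        while view:                       # os.write may write fewer bytes
            view = view[os.write(fd, view):]
        digest.update(block)
        remaining -= len(block)
    os.fsync(fd)                          # flush the pass before verifying
    return digest.digest()

def _read_digest(fd, size):
    """Read [0, size) back and return its SHA-256."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break                         # short read: digests will differ
        digest.update(block)
        remaining -= len(block)
    return digest.digest()

def overwrite_and_verify(path, char=0x55):
    """Three passes: character, complement, random. Returns [(pass, verified)]."""
    passes = [
        ("character", lambda n: bytes([char]) * n),
        ("complement", lambda n: bytes([char ^ 0xFF]) * n),
        ("random", secrets.token_bytes),
    ]
    results = []
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.fstat(fd).st_size       # regular files only
        for name, make_chunk in passes:
            written = _write_pass(fd, size, make_chunk)
            results.append((name, written == _read_digest(fd, size)))
    finally:
        os.close(fd)
    return results
```

The read-back here can be served from the operating system's cache, and on SSDs or copy-on-write filesystems an in-place overwrite may not reach the blocks that held the original data, so a passing verify on a file is weaker evidence than the whole-device overwrite the list describes.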