[Cryptography] Magnetic media destruction question

[Peter Gutmann]

Asking on behalf of a third party: It appears that customers of media
destruction companies have started asking for shredding beyond the maximum
levels specified in standards like DIN 66399, which is both difficult and
expensive to achieve (additional processing stages, higher energy consumption,
increased wear on equipment, etc).  Does anyone know what's driving this, is
it just the usual numerology approach to security?  It's hard to see how
anyone would be able to identify which of the million pieces of confetti in a
tub of shredded media are worth looking at let alone be able to recover
anything from the one piece of confetti they've picked out, which would
indicate it's been driven by numerology rather than actual threat analysis.

Are there any security standards that mandate beyond-DIN 66399 T-7 shredding?
And what threat modelling is being done that would imply someone can recover
data off a piece of confetti buried in among a million others?

Peter.