I still don't think it is a 'law', hence illegal? I think if data WERE recovered from the drive and 'losses' happened because you didn't wipe it correctly, you could be held liable? It is all about taking the proper precautions and protection.
I guess if you were a CIA agent and had sensitive data on YOUR personal computer, wiped the drive in a non-recommended method, sold the computer, and someone retrieved the sensitive data off of it, and it was discovered the data was compromised because of what you did, you could be in BIG trouble. If on the other hand it was just your social security number that was there, wiped in the non-preferred method, sold, and someone got that SS number and did some identity theft with it, even if discovered how they got the number, nothing might happen? Who knows... Of course, I am NOT a Lawyer either.
Worried, consult a Lawyer, don't trust us.