Please show me teaching proper permissions discipline to a company that goes from 5 to 500 employees and ret-con it to all of the older files like that random spreadsheet the former head of HR shared with legal with various employee PII on it such as SSN, Salary, Sexual Orientation, Name your most sensitive employee data etc on it that IT now sees / owns.

That’s a problem with Office too.

I can assure you that some asshat HR dude has dropped the “Gay Employee PII DRAFT2 Pre Final.xlsx” on his home drive or saved it to a public folder while trying to email it to his Yahoo account to work on it at home.

There's always going to be a huge amount of documents and drafts that people don't want to publish to their team but still want to save. Occasionally there's value in mining through these after somebody leaves but it also creates a privacy law nightmare since personal folders even at work can situationally count as personal information.