How does an organization weigh the need to share data to the maximum extent to fully utilize this resource (data) for productivity across an organization (by insuring that the needed data is available to the users) with the opposing need to protect this data (from corruption and theft) that typically means controlling access to much/all of the data? What policy is prudent here?