The KAUST Information Technology Department blog
11 June, 2026
A few small habits are behind most data hygiene issues at KAUST. Here is what they look like and what to do instead.
Sharing is how work gets done at KAUST. The problem is not the act of sharing. It is the default settings, the forgotten links, and the access that quietly outlasts the reason it was created. Small choices add up across files, folders, and sites in ways nobody planned for.
Here are four habits worth fixing.
Anyone links require no sign-in and can be forwarded to people you never intended to include. There is no way to know who ultimately uses them. Microsoft now caps them at 90 days, but a 90-day open window on Internal or Restricted content is still a long time.
If the content is not genuinely public, a Specific People link gives you the same ease of sharing with one important difference: if the link ends up somewhere it should not, it simply will not work for the wrong person.
A useful test: if you would not post the file on a public website, Anyone is probably not the right choice.
Temporary sharing has a way of becoming permanent. A contractor reviews a document. An external collaborator contributes to a project. The work ends, but the access stays.
Set an expiry date at the point of sharing, not as an afterthought.
If someone needs access for longer, they can ask. That is a much healthier dynamic than access that quietly persists with nobody keeping track.
SharePoint sites can end up giving access to far more people than intended, often because a default was never reviewed after setup. Most of those people will never stumble across the content. But the access is there.
This matters more now. AI tools like Microsoft Copilot surface content based on existing permissions, which means data that was broadly shared years ago can reappear through AI-generated responses in ways nobody anticipated. If that content includes anything Restricted, it is worth reviewing.
If you manage a SharePoint site, check who has access. The goal is not to lock everything down. The goal is to make sure the access reflects the actual intent.
When a colleague moves to a different team or department, the access they had to shared files does not automatically update. It stays in place until someone removes it.
When a project wraps up, review the sharing on the main files and remove anyone who no longer needs it.
When a colleague moves to a new role, check whether they still have direct access to things you shared with them personally.
The Shared by Me view in OneDrive shows everything you have actively shared and with whom. It takes less time to review than most people expect.
Before sharing, the question is not whether there is a reason not to. It is whether this person genuinely needs this access, and for how long. That shift, from sharing as a default to sharing as a deliberate choice, is what responsible data stewardship looks like in practice.
