That means someone needs to go through everything and decide what is sensitive and not sensitive, both from a business perspective and with respect to privacy laws.

I recently went through a bunch of older board meeting minutes and related materials from a non-profit because we were considering donating it to an archive. I scanned a few things but basically decided there was too much potentially sensitive stuff. Yeah, it was old but just too much dirty laundry that someone could take out of context that it wasn't worth the scrubbing.