We “allow” our staff to do the same thing but they are expected to “check” the data and always ensure that for example if you are giving out invoice data that the “legal” document is the paper invoice or EDI invoice itself.
We also cover in their contracts and Company handbooks about misuse of data, data compliance etc
The “for” argument is customers\suppliers will always ask for data to improve matching, analysis etc and is quite efficient.
The “against” is someone who does not check this data, validate it is correct before sending
Based on your “colleagues” response I would restrict it to key and trustworthy individuals whose job it is to send “valuable” data