What options are available to leverage Office graph without introducing compliance issues/concerns across potentially unauthorised access to content that may have been improperly secured at the source?

This is of particular concern when migrating content from legacy solutions/platforms to SPO/ODFB, where the need to secure content using ACLs may not have been as critical given limited knowledge/search functionality of the source platform (i.e. security by obscurity).

Is there any way to prevent Office Graph to present select content to users, much in the same way you can prevent Delve from exposing content (e.g. by either opting out of Delve at the user level, or using HideFromDelve work-around in SharePoint)?  For example, hide all content that is identified as HBI (e.g. using metadata classification at the site/content level) from being presented via Office Graph?

Also, do the Delve work-arounds mentioned above also apply to other delve-like capabilities (e.g. new "Discover" capability within ODFB, new SharePoint home page/contact cards, Office 2016 info panel showing users and what they are working on, etc.)?