How should we control access to user data?

strategy (44), eng-strategy-book (34)