How should we control access to user data?

strategy (38), eng-strategy-book (26)