How should we control access to user data?

strategy (37), eng-strategy-book (25)