Part II. Access and Control: Controlling Authorized Data Access

We have grouped our privacy-protective capabilities under two broad umbrellas—access and oversight. In this section, we discuss architectural choices related to data access. Access refers to the ability of users to see, share, and manipulate data within a system. The more precisely you can control access, and the more nuanced those control decisions can be, the more flexibility your users have in finding ways to work with data within the FIPPs paradigm. A data-processing technology will generally function within a larger IT system that must itself be secure, as discussed in Chapter 5 on Security Architecture. Chapters 6 and 7 then explore the myriad possibilities for privacy protection offered by application-level access controls. As we’ll show, these can be configured to do far more than provide all-or-nothing access to data.
