Control of Information
If data is commercially valuable then access to it must be controlled. Otherwise a potentially valuable resource could be stolen or damaged A company may have sensitive information that it would not want its rivals to gain access to. It may want to restrict access to data so that unauthorised changes are not made. It may want to ensure that a payment has been made before data is disclosed.
In the case of personal data there are legal restrictions on the access to data. These do not prevent the firm selling data to others but they can only do this if they have registered this as one of the purposes for which the data is being stored. They can only pass the data to another registered user. Note that when a data user registers to store personal data they must also register the sources and destinations as well as the uses of the data.
In addition to commercial considerations the data user has a legal obligation to prevent unauthorised access to personal data. When data is being updated on-line then access must be carefully controlled because the data will be changing all the time. Access levels that are possible are:
| None | User cannot obtain information nor change data |
| Read only access | User can obtain information but not change the data |
| Read/write access | User can change data as well as obtain information |
| Append only access | User cannot change existing data but can add new data |
| Full access | User can add / change and delete data |
Note that type of access may vary according to what else is going on in the system. In a flight seat booking system, for example, only one user at a time should be allowed write access to a particular booking record otherwise both might attempt to register a booking for the same seat at the same time. A temporary lock will prevent the second user gaining write access to the file until the first use has completed their transaction.
© LEV
