As data increase in complexity, it becomes increasingly difficult to define a good security model that works well for different types of collaborating users. For example, customers of an online file-sharing business need to be able to access files from the company's database, but they should not be able to see contents pertaining to other customers, such as credit card numbers or e-mail-address. Recognizing that we must allow access to many types of users - each with their own objectives and ethics - means that a simple good guy/bad guy access model is inadequate. While access control working alongside release control will improve the protection of privacy, complex security definitions may conflict with each other or even form security holes, Wiederhold says. "The scope of potential use of data is so large that no approach that relies on any specific data organization will be adequate for all future needs," he says. "But relying only on access control is certainly inadequate."