Restricting access to confidential information is a good example of a way to maintain confidentiality. However, the value of sharing information is equally important in the right circumstances.
Systems administrators at UCL, for instance, have access to the systems that hold data on ISD services. Without them being able to access those systems, the storage of electronic data on those systems would deteriorate.
In order to restrict access to small numbers of people with a ‘need to know’, you need to set permissions to the services where your data can be accessed from. Folders are a typical way of segregating access to data. ISD storage provides users access to folders that they have been permitted to access by the information asset owner.
The Data Safe Haven also uses folders to segregate data access between users. Users are given permission to access all files within a folder. Since the information asset owner will be accountable for anyone accessing their data, there should only be one information asset owner per folder who should be clearly marked when applying for space on that service and systems administrators should be notified when that owner is due to change.