> This differentiation between 'having data' and 'analysing data' is not one we'd generally make in the IT world - because if they already have the boxes in their possession, how do we know they are getting the right permission before they open the boxes? How is any oversight possible in that situation?
I don't think it is possible: that's precisely why it's not a distinction made in the IT world: we don't have the apparatus of courts and judges. In the IT world, the primary issue is about security. You have a walled garden and you don't want to let bad people in. Logistics is secondary. Whereas in the IC world, logistics appears to be the harder problem, and keeping the bad people out is already solved to their satisfaction. The challenge is to make sure everyone who needs the data has it.
I don't think it is possible: that's precisely why it's not a distinction made in the IT world: we don't have the apparatus of courts and judges. In the IT world, the primary issue is about security. You have a walled garden and you don't want to let bad people in. Logistics is secondary. Whereas in the IC world, logistics appears to be the harder problem, and keeping the bad people out is already solved to their satisfaction. The challenge is to make sure everyone who needs the data has it.