At the moment the access controls are quite limited, and entirely on the user side, rather than the content side. The only controls are whether a user can see their contacts, their team's contacts, or all contacts.
Sometimes you want a contact/company/deal to only be visible to certain people (e.g. their owner), and currently there is no way of doing that. You can utilise teams to make it so that all contacts assigned to a person or team are only visible to that person or team, but there is no way for this to be set on a per contact basis.
This feature would make it much easier to control access and improve security and compliance. When combined with email logging, it will also help avoid people seeing emails that they shouldn't.