Data privacy issues are increasingly becoming important for many applications. Traditionally, research in the database community in the area of data security can be broadly classified into access control research and data privacy research. Surprisingly, there is little overlap between these two areas. In this paper, we open up a discussion that asks if there is a suitable middle-ground between these areas. Given that the only infrastructure provided by database systems where much sensitive data resides is access control, we ask the question how the database systems infrastructure can step up to assist with privacy needs.