In security thinking, there are two basic concepts of access. One is Need To Know, the other is Free Access. Under Need To Know, access is only granted to those who have a specific need to access the information, regardless of what the information is. This should be familiar from all too many movies and TV shows, where the protagonist demands access to files, and is told “You don’t have a need to know”.
Under Free Access, access is open to all, the only exception being when access limitations are mandated by law (typically personnel files, things which are classified). This can be thought of as the academic ideal; all information is made available to all who want it, and the free flow of information and ideas is a good in and of itself.
I see information access management as happening on a sliding scale, where need to know and free access are the polar extremes; while need to know is often appropriate within the military, intelligence, and security communities, for most other purposes, a happy medium – closer to the free access end of the scale – is likely the best way of doing things internally, while external access to information might benefit from a more granular approach.
Let’s consider a publicly research institution. Any and all end results of the research they conduct should, in my opinion, be published, and publically available (though anonymized as appropriate). Research in progress, however, should not necessarily be made publicly (or externally) available, but should be available within the institution, and information about the research should be publicly available.
One way of ensuring that information is publicly available, is to establish a register of research projects, as Ben Goldacre and the All Trials advocate, and to ensure that all results are published. That way, even if the science confirms the null hypothesis, at least that information is then out there in the world, and means that there is more information to work with in the future.