As a customer I'm angry that businesses get to use "hope and pray" as their primary data protection measure without being forced to disclose it. "Motivators" only work on people who value their job more than the data they can access and I don't believe there's any organization on this planet where this is true for 100% of the employees, 100% of the time.
That strategy doesn't help a victim who's being stalked by an employee, who can use your system to find their new home address. They often don't care if they get fired (or worse), so the motivator doesn't work because they aren't behaving rationally to begin with.
This really isn’t fair. It is not simply hope and pray: it is a clearly stated/enforced deterrent that anyone who violates the policy will be terminated. You lose your income and seriously harm your future career prospects. This is more or less the same policy that governments hold to bad actors (crime happens but perpetrators will be punished).
I get that it is best to avoid the possibility of such incidents but it is not always practical and a strong punishment mechanism is a reasonable policy in these cases.
You don't think it's fair to expect a trillion-dollar business to implement effective technical measures to stop rogue (or hacked!) employees from accessing personal information about their users?
I'm not talking about small businesses here, but large corporations that have more than enough resources to do better than just auditing.
> crime happens but perpetrators will be punished
Societies can't prevent crime without draconian measures that stifle all of our freedoms to an extreme degree. Corporations can easily put barriers in place that make it much more difficult (or impossible) to gain unauthorized access to customer information. The entire system is under their control.
Okay, how do you want to implement those technical measures? I propose that we add a checkbox, for employees to click when they have gone rogue, or have been hacked. That way, when the box is checked, we can just reject those requests as being bad/wrong/illegal. Simple as that!
There may be some details with the implementation of this, but once we've got that check box, then things will be secure.
Or maybe trillions of dollars can't change digital physics. I don't care how much money you have, you can't make water not be wet.