> and inadvertently accessed a system in a way he didn't realized was a privacy violation
Sounds like they need better controls, there shouldn't be ways to inadvertently access personal data and violate someone's privacy. Particularly not at such a mature company.
I don't work there but I imagine when this happens it's because the employee needs access to the resource for some legit reasons, but accessing it for illegitimate reason is what amounts to the violation. So access controls here would amount to reviewing the reasons for the access.
Solution would then be to ask for and log the reason for the access. Possibly with an approval needed by a second person. You can still lie about why you need access, but at least it is logged then.
The controls have gotten better / more explicit over time. They flash you up a pretty explicit clickthrough wall now. And there's pretty explicit training that you hand off issues for friends/family to a 3rd party engineer to handle rather than accessing user/friend data yourself.
When I worked at Google it was literally impossible to access personal data like this in most roles, even for my own account. So it seems like meta leaves something to be desired if it's a click through and a policy.
