Which is exactly why insider threats should be explored as a threat-model and mitigated to make the blast radius as small as possible via rate PII sanitization, access controls, access monitoring, rate limiting, etc.