Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers' devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10.
The employees were also accused of covertly photographing female customers and co-workers, including "upskirt" photos.
Though Apple fired the employees, it denied that they engaged in these activities. The Australian privacy commissioner is investigating the allegations.
The privacy invasions were possible, in part, because Apple has a policy of requiring customers to unlock their phones when putting them in for service (this is common among many kinds of device repair services, and unquestionably makes repair and testing simpler). This works fine, but fails badly: all it takes is one unethical technician to make the whole thing go very badly indeed. Alternatives to this would include asking customers to back up their devices to Apple's cloud servers (which are accessible to fewer, better-vetted technicians) and wipe them — even better would be to use end-to-end encryption in cloud backups, so that customers' data would be private except in the case of bad passwords, malware, or defects in the software.
"This is an important reminder that all organisations that collect and manage personal information need to embed a culture of privacy and ensure employees understand their responsibilities," he said.
"Organisations must also take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure."
(via Naked Capitalism)