Comment by brendoelfrendo

2 days ago

What is the data classification of the data that they're accessing? Are they authorized to view it? Did they follow the normal procedures for accessing that data? Was their access limited to the information they needed to perform their stated function and nothing else? Was the data stored on or transferred through any systems that were not adequately secured?

It is entirely possible for an insider or internal data incident to be a "breach," regardless of whether the data leaked outside the org or they had the permission of the President. If someone came into my office with an employee badge, said that they had been personally hired by the CEO, and demanded super admin access to all systems, I would laugh in their face. If anyone actually agreed to that person's demands, it would be a massive, all-hands-on-deck incident to figure out what they touched and how much we were going to get fined for the breach in security controls.