The rant about Google privacy is a kinda funny. Its the same for any doctors office, school, credit card company, etc.. heck, Google likely has more controls on privacy than your credit card company.
I've yet to have people show up at my doorstep or be pestered by companies charging my credit card by saying the wrong thing WITHOUT giving them my credit card details, or being erroneously signed up for some spam service on my cellphone that again puts charges on my bill without me agreeing to anything because of using Google.
And a note about internal checks and auditing. There has to be hordes of logs and info to sift through. Certain actions can help by setting off red flags, but its still a lot of data to pour through. More manpower and review = more cost.
Also, how do you balance the ease of getting something done with information security? HIPPA is for medical records and sometimes helps, often it puts a HUGE delay in place in getting any work done. Are you happy with getting an issue resolved right then and there, or in 3-4 weeks like medical record billing errors?
If you put tighter controls, it gets far harder to get work done, and creates a bad atmosphere for the employees to work in, possibly creating issues like this as well.
Say what you want to the information they have access to, unlike a lot of companies that only pay lip service to security and privacy issues, purposefully misuse data, I find Google's approach far better and reliable than any credit card company.