In my ex-registrar life years ago, first-level employees are easily able to see a domain's actual details despite using the WHOIS privacy. They mainly access that to verify who they're communicating with over the phone, ticket or email prior to accommodating them for whatever request.
I've been hard on Moniker for allowing access to information under privacy. The reality is that I imagine almost every registrar would fail on the same grounds if it came to looking at how they managed privacy information. I hadn't really thought about it much from a data management perspective.
Why? Because registrars are in the business of managing domains and associating it with an account. The support teams are usually working within both realms. People buy a domain and associate it with a real account that contains their personal information. Then, AFTER defining that relationship, they apply a thin veil of privacy to the external world by changing the whois entry.
There is no technical reason that anyone at a registrar in a support role would ever need to know more about you than the account/pin to manage a domain. There is no technical reason that anyone at a registrar in a support role would ever need to know your domains to manage your account information.
These are separate realms.
For the $1 a year they make on privacy and the $1 a year they make on your domain it's not worth them keeping the data separate. This is the big difference between banks and registrars: money - banks are going to charge you an extra $1 per ATM transaction
So while I still stand by most of what I've said, I've softened a little because I think the real access issue probably exists at most registrars who manage accounts/domains the same way. I've also softened on what Moniker could and shouldn't have done. I don't think they're different than any other registrar on this issue.
At the end of the day, Moniker only had the option of firing CP. I'm not sure that legally it would make sense to comment on a single internal incident as that would likely have violated the privacy of CP... ironic, that.
Privacy was always just a fake money making add on anyway.
Hopefully my last post on this - as it's beating a dead horse and I'm not really in a position to comment accurately on anyone's internal organization. Blah blah...
Perfect opportunity for a registrar to explain how they do it right .... IMHO