You are completely right. Sensitive customer information should only be accessible on a per-need basis. It's very bad practice, possibly illegal in many countries, to have free access to production customer data. It's also quite dangerous for a big company. Production databases should not be accessible by developers, logs should contain enough to debug problems, and should be scrapped after some time. Metrics can be stored as long as needed, as they should not contain personal data but just counters, averages, etc.
A responsible company would consider "sensitive customer information" to be pretty much every bit of customer information - names, addresses, phone numbers, bank accounts. Maybe low-level developers won't have access to that, but every member of the infrastructure and customer-facing teams will in some fashion because it's 100% part of their job, and odds are good that's the majority of the people in the company.