>it’s also that company’s responsibility
Is it? I mean legally. Obviously it’s dumb of Apple to have left this guys access open, but that doesn’t mean they actually had any legal responsibility to lock him out. As far as I understand, the law is pretty clear that you can’t access anything you’re not allowed to by policy, whether there’s a technical block or not.
While it doesn't apply in this particular case, for healthcare organizations the HIPAA privacy rule implies a legal responsibility to lock out terminated employees from any access to protected health information.