It doesn't need to be normal. There's no reason companies couldn't build a system that required approval from your manager before being able to access customer data. Any time a manager granted access, that could be audited by some second tier.
"Okay, stay on the line. My manager went to the bathroom 15 minutes ago, he should be back any minute, and then we can proceed with..."
After-the-fact accounting for all 'sensitive' actions would probably be more practical for most business needs.
I'd put a wizard in front of the thing that grants the access token to figure out the purpose and scope of the token needed.
Information request: "Rider History"
User: current caller
Scope: Between 9 AM and 11 AM today
Reason: Lost an item this morning, need to look up driver
If you were fancy you might even be able to convert the wizard's contained information into a request against the backend:
-- :scope_start and :scope_end are 9:00 and 11:00 today
SELECT driver, time FROM trips WHERE user_id = :caller_user_id AND time BETWEEN :scope_start AND :scope_end
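The wizard-to-query idea from the last comment, combined with the after-the-fact accounting suggested earlier, as an added example that is not part of the thread. The table layout, the `rider_history` request kind, the agent name and the 24-hour scope limit are assumptions made for illustration.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime

# Hypothetical request kinds. Each maps to a fixed, parameterized template,
# so the support agent supplies only the wizard's fields, never SQL.
TEMPLATES = {
    "rider_history": "SELECT driver, time FROM trips "
                     "WHERE user_id = ? AND time >= ? AND time < ?",
}
MAX_WINDOW_HOURS = 24  # assumed policy limit on how wide a scope may be

@dataclass(frozen=True)
class AccessRequest:
    kind: str
    agent: str
    user_id: int
    start: datetime
    end: datetime
    reason: str

def run_request(db, req):
    """Validate the scope, write the audit row, then run the bound query."""
    if req.kind not in TEMPLATES:
        raise PermissionError("unknown request kind")
    if not req.reason.strip():
        raise PermissionError("a reason is required")
    hours = (req.end - req.start).total_seconds() / 3600
    if not 0 < hours <= MAX_WINDOW_HOURS:
        raise PermissionError("time scope is empty or too wide")
    params = (req.user_id, req.start.isoformat(), req.end.isoformat())
    # Audit before reading, so every access leaves a record for later review.
    db.execute("INSERT INTO audit(agent, kind, user_id, scope_start, scope_end,"
               " reason) VALUES (?,?,?,?,?,?)",
               (req.agent, req.kind, *params, req.reason))
    return db.execute(TEMPLATES[req.kind], params).fetchall()

def demo_db():
    """Constructed sample data: two riders, three trips."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE trips(user_id INT, driver TEXT, time TEXT)")
    db.execute("CREATE TABLE audit(agent, kind, user_id, scope_start,"
               " scope_end, reason)")
    db.executemany("INSERT INTO trips VALUES (?,?,?)", [
        (1, "driver_a", "2024-01-05T09:40:00"),
        (1, "driver_b", "2024-01-05T18:10:00"),
        (2, "driver_c", "2024-01-05T10:00:00"),
    ])
    return db
```

A 9:00 to 11:00 request for rider 1 returns only the morning trip, and the audit table records who asked, for which rider and window, and why.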