When I worked there back in the day, it was mostly a pro-active thing, especially for any repairs that weren't obvious hardware faults so that when/if something was fixed, we could validate that it was fixed for the actual user too. Customers for some reason I can't fathom (/s) absolutely hate it when they drop a machine off for repair, we "fix it" (by which I mean, do whatever or nothing and find that it works in a clean test image) and then when they take it home / turn it on at the store the problem remains because the issue was either software to begin with or a combination of hardware/software.
They equally hate the "we told you your computer would be ready in 3-5 days, but we haven't been able to reach you for the last 5 days to get your password since we determined it was a software issue and we couldn't go any further so it's still going to be another few days" experience.
So the default was to ask to make the experience as smooth as possible. But we were never instructed to pressure someone into giving up their password, just that we inform them upfront that without it all we can do is boot a test image to validate and that there's always the possibility software may play a part and still be a problem and we would want them to boot and confirm before leaving when they come to pick it up. Guest accounts were fine too. As was the customer giving us a formatted machine if they wanted. That was usually the best of the options because if the issue was present in a freshly formatted machine, we already rule out most / all of the software and we didn't have to deal with data loss issues (more than one customer signed the "I know I will likely lose data in this hard drive repair and I have a backup" line and then still pitched a fit when they did indeed lose data).
Apple had very strong rules about customer data privacy and snooping around was a good way to get fired (and I knew one person who did get fired for it). In fact, I've worked in health care and frankly Apple's rules for data privacy and secrecy (both theirs and their customers) was far more stringent than the health care job. HIPAA says protected info is any combination of identifying information AND medical information[1]. So your address and phone number, not PHI. A list of all your medications with nothing that identifies you, also not PHI. Technically your list of medications with your "patient number" could also be "not PHI" if the only thing there is no reasonable way for the patient number to be tied to identifying information without having access to the other protected data. At Apple, all data was considered private and confidential and anything that wasn't required to be kept for record keeping was to be shredded when it was no longer needed, regardless of whether that data could have ever been connected back to a customer.
Not to say that people don't abuse their access (again I knew someone who got fired for that), but at least in my time there they were very serious about only using the least access you needed and never told us to give anyone a hard time about wanting to keep their data private.
They shop can only be as serious about privacy as the local manager of that location is. Sounds like your manager was a mensch, but I would imagine (and the study indicates) most are not.
Agreed that (especially at scale) you're only as good as your local management is. But there's something to be said about company culture too, and Apple's infamous secrecy permeated all parts of the culture to apply to all data, not just Apple proprietary data. A manager that allowed employees to get away with snooping would have at the time found themselves just as fired as the snooping employees if/when word of that made it to the regional managers.
Whether it's still like that I couldn't say. From the outside, it certainly seems like some of that infamous secrecy has been toned dow. Though whether that's culture/company change or the nature of being so big that even the smallest parts of your supply chain make noise I couldn't say. At the size and rate they've grown the retail business, there's also the possibility of just hiring so many "warm bodies" that embedding that culture is more difficult too.
And being fair to this study's subjects, I'm not sure you can even say much about the managers themselves. This sort of thing would be exceptionally easy for any half way competent tech to do without tipping off their manager. Apple might have the power and clout to heavily restrict what devices you bring into the back rooms, but I suspect your average local tech shop isn't doing bag checks and device checks on their employees. Who's really going to question the local tech carrying one more thumb drive than normal? And since these are customer machines, it's not like you have corporate MDM software installed that can report when an external storage device is plugged in.
They equally hate the "we told you your computer would be ready in 3-5 days, but we haven't been able to reach you for the last 5 days to get your password since we determined it was a software issue and we couldn't go any further so it's still going to be another few days" experience.
So the default was to ask to make the experience as smooth as possible. But we were never instructed to pressure someone into giving up their password, just that we inform them upfront that without it all we can do is boot a test image to validate and that there's always the possibility software may play a part and still be a problem and we would want them to boot and confirm before leaving when they come to pick it up. Guest accounts were fine too. As was the customer giving us a formatted machine if they wanted. That was usually the best of the options because if the issue was present in a freshly formatted machine, we already rule out most / all of the software and we didn't have to deal with data loss issues (more than one customer signed the "I know I will likely lose data in this hard drive repair and I have a backup" line and then still pitched a fit when they did indeed lose data).
Apple had very strong rules about customer data privacy and snooping around was a good way to get fired (and I knew one person who did get fired for it). In fact, I've worked in health care and frankly Apple's rules for data privacy and secrecy (both theirs and their customers) was far more stringent than the health care job. HIPAA says protected info is any combination of identifying information AND medical information[1]. So your address and phone number, not PHI. A list of all your medications with nothing that identifies you, also not PHI. Technically your list of medications with your "patient number" could also be "not PHI" if the only thing there is no reasonable way for the patient number to be tied to identifying information without having access to the other protected data. At Apple, all data was considered private and confidential and anything that wasn't required to be kept for record keeping was to be shredded when it was no longer needed, regardless of whether that data could have ever been connected back to a customer.
Not to say that people don't abuse their access (again I knew someone who got fired for that), but at least in my time there they were very serious about only using the least access you needed and never told us to give anyone a hard time about wanting to keep their data private.
[1]: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/un...