It's all too difficult
"Insiders are worse than hackers because there's no way to protect against them that's truly effective,"
It couldn't be truly effective if there were many rogue insiders working together, but surely there can be methods of 'dual authorisation' that would work. How many people in AT&T (and similar), on a day to day basis, actually need to access the sensitive information of customers? Not many I'd guess. How many customers a day do they need to access in this manner? Not many I'd guess.
Make all such data access a 'red flag' operation that is marked for oversight by a higher level manager in a different department. Have any mass access require a further password to be entered by a higher level manager in a different department. etc.
People would moan and complain, yes, but the answer to that is, "It's part of your job, so if you don't like it then go looking for another job."