Re: This should be covered by a different clause in the contract
I suspect that's what the lawsuit will hinge on. Bear in mind it's simply not possible for a sysadmin to have specific, immediate authorization for every instance of destroying information - they spend a significant proportion of each day doing just that (dropping tables, overwriting old backups, revoking access, deleting database records and so on) - so a typical employment contract will contain a blanket authorization as part of regular day-to-day duties. Where this case differs is context not content, whether this context was provably malicious; and whether that in itself constitutes a criminal offense.