It reads to me like she was using her personal phone to access corp, not a corp phone to access personal stuff. They absolutely will wipe your personal phone in that scenario
If the user had the phone configured as a corp phone and was taking photos and did not have Cloud backup enabled to automatically shunt those photos to their personal account, then when the phone is forcefully de-corped, it will try to purge local photo cache (because there's no way to know if photos in local cache were corp-sensitive or not, so the conservative solution is "Burn it all down").
Of course, if the user does have their Cloud backup enabled to automatically shunt photos, they're at risk of using the phone in a work environment and accidentally storing proprietary info in their personal account.
The fact the camera UI doesn't really allow you to choose what account you're snapping photos under makes the whole arrangement lose-lose, and this is a really easy failure mode for a user to find themselves in if they don't see it coming.
And if they did have their cloud backup enabled and it copied over some photos taken for work then wouldn't they immediately be likely in breach of whatever NDA they signed?
Sounds like a lose-lose and I'm a strong believer in that if a company the size and as wealthy as big G wants a contractor to make use of a device to accomplish a task for them, they can provide the device and do what they will to it afterward and then re-purpose it for the next round of business. This isn't a new operational pattern, and I've never experienced otherwise. They don't need to buy new, just keep a supply of devices for contractors.
The device policy is simple. If you add a Corp account to any phone it's subject to device policy, including wipeout after you get fired. It's very obvious when you enroll.
Not so simple, it depends how the MDM/EMM is set-up.
If it's set up to entirely manage the device, then yes it will get fully wiped (we do this for corporate-owned device).
A personal device can access our environment if requested (they have to sign an agreement form, explaining what we can or cannot do) and a work sandbox will be created, in which only the apps installed in this sandbox will have access to corporate data (ex: you'll have a copy of Gmail, Hangouts, Drive, etc in the sandbox).
In the situation of a personal device, a wipe will only remove that sandbox, leaving the personal data untouched.
Of course, if the user does have their Cloud backup enabled to automatically shunt photos, they're at risk of using the phone in a work environment and accidentally storing proprietary info in their personal account.
The fact the camera UI doesn't really allow you to choose what account you're snapping photos under makes the whole arrangement lose-lose, and this is a really easy failure mode for a user to find themselves in if they don't see it coming.