There’s a difference between having an audit trail and actually using it. I would be interested to know how often Facebook analyzes this data and actually fires people for improper usage.
I don’t have proof, but we were told that every access of sensitive data was actively audited. It’s very rare to need to do this for your job, so I don’t imagine it’s a huge volume of events to be audited.
From the article: Facebook fired 52 people from 2014 to August 2015 for abusing access to user data