We have a lengthy document describing what data DBAs are permitted to access. You may want to engage HR and Legal in drafting your own data accessibility guidelines and rules.
The two fundamental rules are:
Do not query records containing information about you, a family member, or a friend.
Query data only in response to a ticketed request.