...
you need to have an employee that you trust set it up in a new datacenter. If the employee is not trustworthy, he can repurpose the miner to mine on a pool account that does not belong to the owner of the miner.
...
While what you suggest may well happen or may even be common, it's not hard at all to completely lock down the miner sub-network in a data centre, to avoid this, and to increase network performance at the same time ...
If a datacenter customer is using the btc.com pool (for example), an untrustworthy employee could create his own btc.com pool account and have the miner mine on his pool account.
If for whatever reason, the above would not be an option, a corrupt employee could physically move a portion of miners to vacant space within the datacenter and bill the customer for electric usage. Or, he could run ethernet wiring from a network not associated with the customer into the location where the miners are stored.