I purposely phrased the subject line for its shock value.

In Canada (where I live & work) personal privacy is enshrined in the law. This means that a person has some degree of privacy that has to be respected with regards to surfing history, e-mail, voice mail, etc. on the corporate network.

Don't get me wrong: the law does not explicitly guarantee reasonable personal use of corporate assets; however, any perusal of a person's e-mail, voice mail, browsing history, etc. has to be done within certain guidelines.

For example, where I work, a manager cannot have access to his employee's e-mail without first making a request to IT Security and without valid reason. "Just because I have my suspicions" is not reason enough.

What is more, when the manager access the e-mail, it is with the security analyst present in order to ensure that the manager does not go beyond the reason that was given to gain access.

For cases of suspected abusive personal use, it is IT that conducts the investigation and reports results to the manager. This protects the privacy of the individual as the contents of the investigation are not divulged, just the results.