FireMogle said:
Anything not ecrypted can be monitored if they want to. If you are worried about emails I would use a web based email service with https. gmail for example can be used with that and because its encrypted they cant tell if you are plotting the burn down the building or going to donate your next check to them.
That is unless they use somthing on your machine.
It's called a sniffer.
And 'encrypted' traffic could, eventually, be decrypted, but the majority of inet/tcp traffic is sent in the clear so there's no need to bother with trying to break SSL.
Logging is a sound security practice. Period. So just get used to it.
If it goes over the wire your IS Security folks can read it with no legal hoops to jump through.
MORALLY speaking, we (we, IS Security) will not do so unless there's a damned good reason since we like our privacy too. Some companies will have corporate compliance policy requiring signatures from, say, Legal, and the HR investigative department before the information security group can even crack a file or fire up a sniffer. So you're probably alright.
As for acceptable use of company systems, it depends on how anal-retentive they are and what precisely your job function is. For me, "acceptable use" includes going to the website for, say, nmap, or The Register, because I'm in the information security business and those sites are directly related to my job function. I've been in environments where web-based email is prohibited, mostly because that stuff can bypass every defensive measure in place on the network, straight through the firewalls and anti-virus boxen.
If you work for a not-so-high profile company, chances are the head guy of the networking department probably doesn't read every log entry or every site all employees go too.
Yes, that's what the junior members of the team are for.
They do the heavy lifting while the senior members of the team work on fun and cool projects.