A buddy of mine used to have a PC that didn't work through his employer's network but tapped straight into the internet (not sure how that setup worked, so just bear with me). Recently, they moved from a wired network to a wireless one. To our knowledge, that machine is still set up with a direct connection (he uses an external computer system and it doesn't work well with the netowork).
A mutual friend of ours happened to mention the concept of a packet sniffer to him and now he's completely paranoid about using said PC for anything other than the strictest of business. A day gets boring, so you hit a few of your gaming forums, browse a bunch of news sites, and maybe doing some instant messaging (GMail ftw!), whatever. No, he's not hitting p*rn; he's bored, not a moron!
I've tried explaining to him that the only reason they're going to be checking his traffic is if he's given them a reason to do so. He busts his ass for the company, is almost always on time, works OT at the drop of a hat, and is basically his boss's right hand man. Even so, he won't so much as crack open his GMail now to check it during the day out of fear of Big Brother watching.
So I ask: How likely is it that his IT department is bothering to sit down and piece together his IM threads to find out about us talking about Dr. Who's season finale? Sure they COULD do that, but does any IT group turn that kind of stuff on by default, or is it only a "Yeah, this is Jones up in Finance. I want to keep track of Larry Riley...can you see what he's doing online?"