Read your staff handbook, it should explain everything there. The company I currently work for has a fairly relaxed approach. Basically, I can't read your e-mails covertly without express permission from a managing partner. However, if I suspect something business affecting going on, I can as long as I document everything.
Sooner rather than later, the documentation will be changed to "we own the E-mail system, so we can access it when we like"
As for web browsing, its left up to the webproxy as to which sites to allow and we have a nice report generated giving us the top ten users.
I could set it up so that I can focus on a particular user if they come to my attention and set up monitoring to see how many blocked site a user has tried to access or whatever, but people here are generally well behaved.
As for MSN et al, you can't even set up a proxy back to your home pc here. There is one pc that sits on the DMZ for downloading patches/large files, even the IT machines don't have full internet access.