Originally Posted by
milski
IT/the company can have access to virtually anything - whatever you type, send or receive. VPN/HTTPS are not a factor anymore since they can either collect the data on your device after decryption, or use other means to decrypt the traffic without causing warnings. Depending on where you live/work the expectations to disclose any of those to employees may vary from fairly rigid to none.
Thanks!
This is very helpful to help me understand this stuff better. Our firm's internal policy is that nothing should be disclosed without a clear business purpose for doing so. As I've said, my penchant for browsing on espn.com was meant to bring some levity to an otherwise dry meeting. He probably felt I wouldn't mind, and I didn't; however, I've made it clear they had better not do it again, to anyone.