Solution of course is not to create the ability, unless it's an industry where such an ability is required. I certainly discourage even creating such an ability unless necessity for it can be demonstrated. Storing all corporate e-mail is one thing, even blocking outside e-mail services, but logging all Web access and having someone actually read the logs is a big waste of fawking time and money. And if you're logging, then NOT examining the logs creates more exposure, thus better not to collect in the first place.

I'd rather take a tiny extra risk of a lawsuit than be a snitch.