Something wrong is happening on your network. Call it human nature or simply a few bad apples, but unless your organization is miraculously different from all others, someone is leaking information, someone else is dabbling in porn, and someone else is probably doing a handsome business on eBay—on one of your servers.
Your organization has policies about this—and your industry may have regulations that pertain, as well. You need to ensure these policies are complied with—or you need to collect evidence to take action when they’re not.
When you suspect something is wrong, do you have the means to conduct an investigation? How do you collect evidence—digital evidence—when there are so many channels of communication (email, Web mail, IM, etc.), and so many places to look on your network?
I review these and other issues for a white paper for WildPackets.