Originally Posted by Perfect Storm
If it's the company's device, or they're paying the service, you can take whatever data you want from it. Just like a computer you use at your desk: at any time someone above you can confiscate it can do what they want with the data
Don't be so naive to corporate law, though. Trust me, this sort of approach to privacy matters, even on company-owned equipment and resources, will land a company in a whole world of trouble.
Any decision to monitor something along these lines should come from Human Resources/Employee Relations and Legal. Without their blessing, I'd be hard-pressed to even think about looking at any collected data through auditing policies.
At former companies that I've worked for, even if the auditing was turned on and log files or databases were being populated with this data and I had access to look at it openly, process/procedure specified that we'd need the written (email/paper) approval from one or more of those departments before we could have the authority to actually view it.