I actually disagree that companies have an absolute right to do this. Whatever your policy may say, employees are going to do personal tasks at work. Some activities would fall in to a grey area:
- Signing up for direct deposit may involve logging on to your bank to get your acct #
- Some new health insurance plans incentivise participation in "healthy living" programs, including filling out surveys about your personal habits on your health insurance website, that should not be intercepted
- Emergency communications (which may still be over e-mail, or SMS via google voice)
Even logging in to one's personal e-mail is to be expected. Except in cases where such security is legally mandated, I don't think it's ethical to implement something like this. Even in cases where it is mandated, a "secure mode" would be better. Perhaps keep the really secure corporate information in a VM that is subject to SSL interception, but provide non-intercepted browser with no access to the secured data.