My thoughts are similar to those which have already been posted, but here's my two cents anyways.
1.) Do something about that IT staff. Their behavior is unprofessional at best, borderline illegal at worst. As Network and Systems Administrators, we essentially have the "keys to the kingdom." As such, it is our responsibility to exercise professionalism and discretion at all times. We are entrusted with this data -- employee data, customer data, what-have-you -- because it needs to be managed, secured, transported, and we know how to do that. When I ponder this, it sometimes brings to mind a line from Angels & Demons: "Be delicate with our treasures." If management has asked that the late co-worker's email be opened and archived, and that email happens to contain pictures of him in a tutu and a snorkel dancing hip-deep in a lake, and IT happens to see these photos, it is their responsibility to maintain their professionalism, and to say nothing about it.
2.) Do not, for any reason, store personal data on company resources. Period. Company resources belong to the company, and, as such, the company has the right to inspect any and all data which those resources may contain. My personal data on my laptop, and my personal mail (which sits on an IMAP server which I administer and to which I have physical access) are backed up to DVD every quarter, and those DVDs are placed in an envelope in a sealed plastic bag - along with a hardcopy of my password spreadsheet - in a safe-deposit box. My Will clearly states who gets access to that box if I should happen to fall under a bus, as does the paperwork at the institution which houses the box. It's not the fanciest solution, but it's effective, and I like it.