Although it might seem obvious, you should spell out in your policies who actually owns content that is developed in your SharePoint Server 2007 systems and who owns the intellectual rights to that information. In most organizations, this has already been explained in a policy. But best practice is to include the SharePoint Server 2007 systems in that policy. If you have not done so, here are some topics to consider for inclusion in information privacy policies:
Right of management to examine data on SharePoint Server 2007 systems
Company ownership of all content developed on company-owned systems
Right of company, without notification, to add system administrators to sites as administrators
Permissible information to collect on employees when creating a contacts list
Permissible information to disclose on self in the My Site area
Expressions of personal views in My Site
Prohibiting collection of information about children of employees
Requirement of disclaimer when collecting information
Existence of personnel records in SharePoint Server 2007 prohibited without proper security
Disclosure of worker change of status notification
Prohibiting marketing or promotion of employee-owned businesses on company systems