Although it might seem obvious, you should spell out in your policies who actually owns content that is developed in your SharePoint Server 2007 systems and who owns the intellectual rights to that information. In most organizations, this has already been explained in a policy. But best practice is to include the SharePoint Server 2007 systems in that policy. If you have not done so, here are some topics to consider for inclusion in information privacy policies:
Right of management to examine data on SharePoint Server 2007 systems
Company ownership of all content developed on company-owned systems
Right of company, without notification, to add system administrators to sites as administrators
Permissible information to collect on ...