If someone is employed, there are things that are not done in terms of monitoring (no real-time screen watching, no accessing exchange mailbox data, etc.), but once Joe Smith is released, can/should a search of the user jsmith be conducted? Should jsmith's profile be searched for unauthorized websites, logs, old emails sent to other companies, etc....as a way to learn what to look for going forward?