It’s been my sad experience over the last 20+ years, that what’s in the IT Policy vs. what gets enforced, is a bit of guess work for most people.  Here is a short guide.

Always enforced.
Looking at illegal porn (kiddies, dogs & gerbils).  If we find out about it, we have to report it; you kiddie fiddling scumbag.
You won’t know that you’ve been reported until PC Plod seizes everything.
If there is a set of stairs nearby, pray that you don’t trip walking down them.
Repeatedly.

Sometimes enforced
Porn surfing.  If someone sees you doing it, hears you doing it, we find it on your hard drives, or we see visits to <insert porn sites here>, it’s going to be reported to management.

But yes, commonsense is used.

If it’s an inadvertent visit, such as mistyping the name of the llewtube.com site, you’ll be fine.  But if we see a whole bunch of porn sites in the web proxy log, then your sad arse is getting reported.

Other things which will get you reported:

• trying to bypass the corporate firewall with a Hamachi client.
• downloading warez, DVD’s or music.  Do your leeching from your home.
• Using BitTorrent.

Never enforced
If you hold a “C” title, “Sometimes enforced” becomes “Never enforced”.  Sure, we’ll report it.  The HR people won’t do anything about it, as they don’t have the bottle to do anything about it.