I found the following article from the Duke law school interesting and fairly easy to comprehend:
http://www.law.duke.edu/journals/dlt...1dltr0026.html
Depending on whether you are implementing Zimbra for a public or private entity there are very different issues to deal with and the article tries to explain the differences as it delves into applicable laws, most notably the Electronic Communications Privacy Act and its rather broad exceptions that apply to employers. A good read for all of us worried about admin access and employee privacy.
Note that this article predates the Sarbanes-Oxley Act of 2002 (SOX) which changed the scene for the monitoring of corporate communications even more. See also the Wikipedia entry on SOX:
http://en.wikipedia.org/wiki/Sarbanes_oxley#IT_Impacts
pepijn.