Whether they should or shouldn't, you have to expect that your company has root on your work device or at least some sort of corporate admin profile that gives them access to everything on the device and all attached peripherals. This has been pretty standard at IT / tech companies for as long as I've been in the workforce. I personally wouldn't do anything personal on a work computer, from sending personal E-mails all the way up to storing nudes on it. Why do that when a separate personal computer is cheap and solves the problem entirely?

EDIT: I remember, an example of this actually came up a while ago on HN. An Apple employee had to return a device unwiped, due to legal discovery, but the device had intimate pictures on it[1]. Oops! Don't do that, people.

1: https://news.ycombinator.com/item?id=28241917