If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
The latter is false in large parts of the world.
Certainly not in Australia. You would be surprised how far reaching the rules and laws go, even in your country. I should however clarify, I meant to say "express consent", in that you don't necessarily need to sign a written agreement.
The organisation I work for has complete and lawful access to all my e-mails sent/received using my work e-mail, whether they are marked Unofficial/Unclassified or otherwise. Likewise, any photograph I take, diagram I draw or notes I make as part of my duties all belong to the organisation (even if it's using my private phone). If I so much as distribute anything without their permission, I'm in deep trouble. Even if I used social media and made a comment about work on my private account, that comment is not considered private. If I simply "liked" a questionable organisation/person/comment which goes against the values and policies of the organisation I work for, that too can be used in formal action against me.
Same as web history; they capture every site I visit and if defaults to HTTP (like this forum does), a lot of the unencrypted data I send/receive is captured as well. All perfectly legal.
A lot of people are under the assumption that your complete right to privacy remains intact even at the workplace, when in many cases it doesn't. If you don't want work knowing what you get up to, don't post it on social media and don't use company resources. Simple. I have a personal rule that I follow: If I wouldn't say it to my supervisor or if I wouldn't let my mother read what I've written, then don't say/write those things at all, anywhere.
Of course every country is different and even private vs. public sector has different policies and rules.
Anyway, drifting off-topic here. Just use DBAN and securely erase the entire drive.