What I believe you should do is to get all employees to sign-up to the AUP, and in the AUP you state something along the lines of 'your first usage of the systems indicates acceptance of this policy' either that or get them to physically sign it.
If they sign up to it it ain't against the data protection act. I'm not even convinced it is against it if they don't sign-up.
It is as you say a company resource, and presumably for company use or occasional personal use as a perk so you have to wonder what exactly she has to hide!
Presumably she has the same concerns about email filtering.