Adult pornography is a different matter: It is not automatically a crime to possess adult porn in the United States, and it is not a crime at all in many countries. In the United States, the tricky part about porn is the concept of community standards, which leaves the decision to each locality as to what is pornographic. That can make it hard to have a standard across multiple locations, and even in one location, it requires IT pros to have a sense of what is acceptable or not to the community (the employees, for example) as opposed to what is personally acceptable. Ultimately, the company's policies should determine the standard, not individual IT pros, and IT pros should know what those policies are.
The body that governs website domain names, the International Corporation for Assigned Names and Numbers, recently adopted an .xxx top-level domain for porn sites, which should make tracking behavior of this sort much easier.
Copyright and source code violations Most everyone is aware that the "software police" (from the Business Software Alliance and the Software and Information Industry Association) routinely bring claims against companies that make illegal copies of software and thus violate the U.S. Copyright Act. IT pros can be personally liable for making illegal copies because the person making the copy is technically the infringer. For the most part, the "software police" present infringement claims to employers, but if the dispute is not resolved and litigation ensues, the individual IT pro who made illegal copies may have personal liability.
IT pros who have access to source code should make it a routine practice to verify that their employers have a proper license. If the source code was not properly licensed, or there are some limits on who may access the source code, you might have liability. Why? Because such improper use could be considered misappropriation of a trade secret, and any individuals who have access to the source code -- not just the employer company -- can become parties to a lawsuit. Trust me, it happens: CA is an example of a company that for years has sued individuals for misappropriation of trade secrets by using source code improperly.
Financial shenanigans Several federal agencies monitor financial records for public and private companies, including the Securities and Exchange Commission, Department of Justice, Internal Revenue Service, and the bankruptcy courts. Thus, if you create fictitious financial records, without question you may be personally liable. So if an employer asks you to do something suspicious with financial records -- such as creating a shadow set of financial statements, setting up fake accounts, and writing checks inappropriately -- you may have personal exposure for your behavior, such as fines and/or jail terms. It doesn't matter that an executive told you to do it or that you didn't realize what was going on.