Right but your Head of HR may have access to the drive with employee PII in it, or your CTO may be able to view your IT team's password manager.

These are 'proper' (sometimes) access controls, but can still be abused. Not from email...but you get the idea.