According to a story from NPR, Amanda Stanton’s phone (an iPhone) was completely wiped remotely (accidentally) by her employer, and without her consent or knowledge. This was done not to a phone given to her by her employer, but to her personal and private phone.
This kind of power can be abused quite easily, and is also prone to mistakes such as this one. What is an IT department to do?
A situation like this requires balancing the desire of a company to protect private conversations and to protect trade secrets and so on, against the right of an individual to have their privacy rights respected.
Making this worse is the fact that personal gadgets and corporate gadgets (and technology) are mixing together like never before: for example, people buy their own phones and use them at work, and people use corporate phones to make personal calls. This mixing of personal and professional is only going to grow.
On a personal level, protecting yourself from this sort of accident means not connecting your phone to Microsoft Exchange, which provides the ability to perform a remote data wipe. It might be possible to forward or otherwise use a “proxy” to handle the mail from Exchange before mail gets to you – possibly sanitizing the mail – but this is conjecture.
From a corporate standpoint, this ability is a lawsuit waiting to happen. There has already been a lawsuit – City of Ontario v. Quon – that went to the Supreme Court about the privacy of text messages. The court found that the text messages should receive the same privacy expectations as that of emails, which meant the city could use them against Quon in the case that was ongoing. The Electronic Frontier Foundation saw hopeful signs for workplace privacy in the future.
UNIX Administratosphere 
Not sure why this is tagged privacy. The remote wipe ability doesn’t give the admin acess to a users personal data.
Another way to protect your own device is to regularly backup you phone/device. This is trivial on iOS devices, just do a sync.