Yes, it is possible. They can check what websites she browses, instant
messages and broadcasts (Twitter, Identi.ca, etc.).

Is it likely? It depends on the administrator and the policies of her
employer. Right now the sky is the limit for snooping and the boss is within
his rights, legally. It is the company's equipment and their time.
Ethically, it is another question.

My own opinion is that this is going to increase, not decrease. Governments
are doing it and there is even talk of them monitoring your behaviour for
mental problems and cruising the streets to listen in and even view what it
going on in your home using equipment like that used to look through
clothing at airports. Companies are producing vans to do this as I write.
The NSA in the US is building huge sites in the desert to store and monitor
all electronic transmissions. Foreign governments will et in on the act to
trade secrets with the big boys as everyone wants a piece of the action and
besides we will soon have one world government.

The company owns the computer, and the network it is on, so nothing done in a
work environment is private. Most company's have you go through a 'training'
event and have you sign something telling you that they can / will monitor.
Where I work they now send you an email once a year and you login to a server,
read the training, answer questions and it is all filed away, and each year
people get fired because they do things against policy. Do home stuff at home,
it's cheaper than a lost job..

Yes, it is entirely possible that activities are monitored, if not
recorded, but it has nothing to do with the fact that she is running Ubuntu
or the gateway running SUSE. It is also likely something she agreed to under
the terms of employment under the Acceptable Use Policy.

There are things that can be done, such as using encrypted connections.
Pidgin supports encrypted connections, but it may not be the default, nor
possible with every service. There are all sorts of cat and mouse games that
she can play to try to avoid detection, but a savvy employer is simply going
to have a policy forbidding activity they don't want rather than having to
write language to cover every possible variation. Detecting most such
activities, even if encrypted, is fairly trivial.

I'd suggest she get some clarification as to what exactly the policies and
penalties are before getting too creative. Some employers don't mind a
little downtime, so it may not be a big deal.

A properly set up work server will monitor and log what every user is
doing so if she's worried about what she might be using the work PC
for then perhaps she shouldn't be doing it ?? BTW - this would apply
with a Windows based system too so it's not a 'Linux thing'. Companies
have to keep tabs on what their employees are doing on-line !