Hmm, this is a problem.
You really do need to be able to trust your IT people.
Realistically, you aren't in much of a position to hide your e-mails from him if he wants to read them.
Here's some info, to help you can understand what I mean:
* He could log in to your machine in various ways and access the local email databases there, or run your email client. He probably wouldn't, though, because there are more convenient ways to access your email...
* He could simply set up another email client to connect to your email account. He'll be able to read your email the same way you do. Obviously he would know all the necessary connection information. He wouldn't necessarily need your email account password, either. There are generally admin passwords that would give him access.
* All of your email is typically stored in a database on a server somewhere. He would have direct access to that machine and all the files on it.
* Email is sent and received through mail servers (could be the same or different machine as the last point). These could be set to log all incoming or outgoing messages and read those logs.
* Etc. Email is not a very secure system, particularly not from the person with the most access to and knowledge of your email infrastructure.
As a temporary lightweight spot-fix, you could try sending sensitive materials enclosed in a password-protected zip file (there are tools to crack these, but if you choose a long, difficult password it won't be practical). I'm not sure of a good GUI-based workflow for doing something like this off the top of my head.
Obviously you need to resolve your issues with the IT guy ASAP. Don't be disconcerted that he is introverted--many very competent and professional IT people are. You could sit down with him a lay out your concerns. Be respectful and professional and don't accuse but tell him how you feel (sorry, I'm sure this is obvious.) Something along the lines of "I need to be able to trust the IT group, and especially you. Given your relationship with so-and-so, I've been having a hard time doing that..." Don't forget to mention how much you value his intelligence, etc. This will give you a chance to feel him out. Then again, I'm not sure how much he helped that guy you let go. If you can't come to feel that you can trust him then you really do need to get rid of him. It might make sense to give him a generous severance package that pays out a bonus over time. The bonus would be contingent on a some kind of no-compete, no-damage clause that would discourage him from abusing any backdoors he may know about. The main thing, though, is not to treat him in an insulting way. It sounds like he is a successful and talented IT manager, so he should be inclined to act in a professional and ethical manner. Even if you feel aggrieved, bite your tongue and get him quietly out the door.
Have your next IT guy thoroughly review the IT infrastructure and change all passwords, etc. (And make sure the documentation for everything is up-to-date while he/she is at it!)
Good luck!
