If the person is using private networking devices
then they should not have any settings on them to directly access workgroups on the LAN. If they are using an open wireless set to do AP isolation, I see no problem with that and privacy assumption from such provision should be the standard there. That would be similar to open access provided at places like McDonald's which offer such service. Wireless access is a different situation than being directly plugged into the office LAN. Some people also access internet at work through their own access across cellphones.