In a significant ruling that reinforces the importance of corporate confidentiality in the UAE, the Abu Dhabi Family, Civil and Administrative Claims Court has ordered a former employee to pay AED 50,000 in damages after she was found guilty of leaking sensitive company information. The data was transmitted using her work email after she resigned, despite the fact that she had signed a non-disclosure agreement (NDA) and had already received her full and final settlement.
This judgment follows an earlier criminal conviction from the Abu Dhabi Criminal Court, where the same individual was fined AED 30,000 for unlawfully disclosing confidential information. Together, these rulings serve as a powerful reminder that both civil and criminal liabilities remain enforceable even after an employee has left the organisation.
Table of Contents
What Happened?
The former employee had been granted access to confidential internal data as part of her job responsibilities and was issued an official company email address, strictly for business use. Upon resignation, she returned company assets and was processed through standard HR formalities. However, the employer later discovered that she had misused her email account to send sensitive internal data to external recipients, in violation of her contractual obligations and UAE law.
The employer initiated both criminal and civil legal action. The courts found compelling evidence that the breach was intentional and had caused both material and reputational harm to the organisation. As a result, the employee was held personally liable and ordered to compensate the company.
Why This Ruling Matters
This case is not just about one individual. It sets a broader precedent that businesses across the UAE must pay attention to. It clarifies that:
- Confidentiality agreements remain enforceable after an employee exits the organisation.
- Civil damages may be pursued even after a criminal conviction has been handed down.
- Companies have legal recourse when internal data is misused, and courts are willing to award compensation when harm can be demonstrated.
More importantly, it highlights the real risk of internal data breaches—which are often harder to detect and more damaging than external threats.
What Should Businesses Do?
Companies operating in the UAE need to adopt a proactive, structured approach to protecting sensitive information—not just through legal contracts, but also through technology, training, and internal controls.
Here are five practical measures every organisation should implement:
Strengthen Employment Contracts and NDAs
Every employee and contractor must sign a clearly worded NDA that defines what constitutes confidential information, outlines permitted use, and imposes post-employment obligations. UAE law recognises and enforces such agreements both under civil and criminal provisions.
Control Access to Sensitive Data
Limit access to client data, internal strategy documents, and proprietary tools strictly on a need-to-know basis. Use audit logs, multi-factor authentication (MFA), and role-based access controls to prevent unauthorized downloads or transfers.
Implement a Proper Exit Process
Ensure that all access credentials (email, file systems, software tools) are revoked immediately on termination. Retrieve all company devices and perform a digital audit of recent account activity. Conduct a formal exit interview to reinforce the employee’s ongoing legal obligations.
Train and Educate Employees
Many data breaches happen because staff are unaware of what constitutes a violation. Regular training and awareness programs—especially for those handling client or financial data—are critical to building a compliance-first culture.
Act Swiftly if a Breach Occurs
If you suspect a breach, don’t delay. Document the evidence, consult legal counsel, and consider initiating both civil litigation and criminal complaints under UAE law. Courts in the UAE are increasingly supportive of companies that take data protection seriously.
Final Thoughts
The recent ruling is a wake-up call for all businesses. In an era where data is one of the most valuable corporate assets, the cost of weak confidentiality safeguards can be high—both financially and reputationally. By taking a 360-degree approach to data protection—combining HR, IT, and legal safeguards—companies in the UAE can better protect themselves and hold wrongdoers accountable.
Benoy Jacob is a journalist-turned-business consultant, currently serving as the Director of Client Relations at ATB Corporate in Abu Dhabi. With a keen eye for market trends and business strategy, he helps companies expand, build strategic partnerships, and optimize their operations in the UAE. Benoy brings a unique perspective on economic policies, trade ecosystems, and investment opportunities in Abu Dhabi and the wider MENA region.