Corporate Confidentiality: Ex‑Employee Fined DH80,000 Over Data Leak

In a landmark ruling reinforcing the sanctity of corporate confidentiality, the Abu Dhabi Family, Civil and Administrative Claims Court has mandated that a former employee pay AED 50,000 in compensation to her former employer. The decision follows a legal claim brought by the company after discovering that she had leaked sensitive internal data via her work email account without authorization. In criminal proceedings at the Abu Dhabi Criminal Court, the former employee was fined AED 30,000 for unauthorized disclosure of confidential information.

Table of Contents

Breach of NDAs and Legal Accountability

The employee had signed a non-disclosure agreement at the time of her hiring and was issued a company email for business use only. Subsequent internal investigations linked several unauthorized data transmissions sent from her official email address to the breach. After receiving her final settlement upon resignation, the company initiated both criminal and civil proceedings.

Court Ruling & Penalties

In parallel criminal proceedings at the Abu Dhabi Criminal Court, the former employee was fined AED 30,000 for unauthorized disclosure of confidential information—a ruling upheld on appeal. In the civil case, the Family, Civil and Administrative Claims Court awarded the employer AED 50,000 in damages, covering material, moral and reputational harm caused by the employee’s data disclosure.

Legal and Corporate Implications

This ruling underscores a critical point for businesses operating in the UAE: even after termination and full settlement, former employees remain legally liable for breaches of confidentiality and data misuse. Corporate entities should ensure robust exit protocols, including revocation of access credentials and detailed audits of email activity post‑resignation.

Confidentiality Safeguards in the Workplace to Protect Trade Secrets, Client Data & Internal Communications

In the wake of a recent ruling by the Abu Dhabi Family, Civil and Administrative Claims Court, where a former employee was ordered to pay AED 50,000 in damages for leaking confidential company data, UAE-based businesses are reminded of the legal and reputational risks of insufficient confidentiality protocols.

This advisory outlines practical and legal steps companies operating in the UAE can implement to mitigate risks and ensure enforceable protections around sensitive information.

Tighten Employment Contracts and NDAs

Ensure every employee signs a Non-Disclosure Agreement (NDA) clearly defining:

What constitutes “confidential information”

Permitted use

Time-bound restrictions (often surviving the term of employment)

Include non-compete and non-solicitation clauses where appropriate under UAE labour law.

Legal Tip: In the UAE, NDAs are enforceable under civil law. Breach of such agreements may also result in criminal liability under Federal Decree Law No. (31) of 2021 (UAE Penal Code).

Enforce Robust IT & Access Controls

Limit employee access to sensitive files on a need-to-know basis.

Monitor official email usage and data downloads, especially during notice periods.

Apply multi-factor authentication (MFA) and audit logs on corporate devices, cloud systems, and shared drives.

Legal Tip: The UAE Cybercrime Law (Federal Decree Law No. 34 of 2021) criminalizes unauthorized disclosure, use, or publication of data obtained through employment.

Formalize Exit Protocols

Conduct exit interviews reminding departing employees of their ongoing confidentiality obligations.

Immediately revoke access to:

Email systems

Client databases

Cloud storage

Retrieve company-issued devices and confirm deletion of work-related data from personal devices (where BYOD is permitted).

Legal Tip: Civil liability may still arise after an employee receives their full and final settlement if evidence proves they misused data post-termination.

Internal Awareness & Training

Conduct regular employee training on:

Data classification

Insider threat risks

Social engineering and phishing threats

Establish a clear escalation protocol in the event of a suspected breach.

Document & Report Breaches Immediately

Maintain logs and screenshots to document unauthorized access or data transfers.

Initiate internal investigations through HR and IT teams.

Seek legal advice promptly and consider parallel criminal and civil action for serious breaches.

Regulatory Note: Employers may pursue parallel claims in Abu Dhabi Civil Court (for compensation) and Criminal Court (for penal fines and deterrence).

Final Word

In an increasingly data-driven and legally conscious environment, the cost of lax confidentiality protections can be high—both financially and reputationally. UAE law empowers companies to take action, but preventive compliance frameworks remain the best defense.

Disclaimer

The opinions expressed in this blog are those of the respective authors. ATB Legal does not endorse these opinions. While we make every effort to ensure the factual accuracy of the information provided in our blogs, inaccuracies may occur due to changes in the legislative landscape or human errors. It is important to note that ATB Legal does not assume any responsibility for actions taken based on the information presented in these blogs. We strongly recommend taking professional advise to ensure the best possible solution for your individual circumstances.

About ATB Legal

ATB Legal is a full-service legal consultancy in the UAE providing services in dispute resolution (DIFC Courts, ADGM Courts, mainland litigation management and Arbitrations), corporate and commercial matters, IP, business set up and UAE taxation. We also have a personal law department providing advice on marriage, divorce and wills & estate planning for expats.

Please feel free to reach out to us at office@atblegal.com for a non-obligatory initial consultation.