United Arab Emirates

The Cyber Crimes Law and the UAE E-commerce law do not require individuals or entities to protect themselves from cybercrimes or penalise them for lack of such protection. However, UAE law does require government bodies and employees to take various measures to prevent cybercrimes. Moreover, UAE Company Law requires directors and employees to act in their organisation's best interests and with reasonable skill and care. Failure to maintain adequate cyber security or to prevent unauthorised disclosure of data may, in certain circumstances, constitute a breach of those duties, opening the doors to liability against such persons. If the directors or employees of UAE companies were found guilty of cybercrimes or data privacy breaches while performing their duties it might also expose the company to vicarious liability under UAE law. It is therefore advisable for companies to adopt international best practices in relation to cyber security and data protection systems and provide adequate training for its personnel.