In this week’s digest, we explore two compelling cases that highlight the evolving landscape of cybersecurity and data privacy.In Abu Dhabi, a former employee was fined for leaking confidential corporate data – an example of the persistent risks posed by insider threats. Meanwhile, Uganda’s Personal Data Protection Office secured its first prosecution under its 2019 privacy law. Let’s dive in!

The Abu Dhabi Family, Civil, and Administrative Claims Court found a former employee guilty of exposing confidential information and fined her Dh50,000. This case is a textbook example of an insider threat – a risk posed by individuals within an organization. Let’s take a closer look at how a seemingly ordinary situation became a cybersecurity concern.

The incident began when a woman was hired by a company and, as part of the standard legal process, signed a non-disclosure agreement (NDA). She was also issued a corporate email address for work-related communication. After some time, she resigned and left the company.

Later, the company launched an internal investigation. It revealed multiple unauthorized transfers of confidential data and internal documents from her corporate email account to a personal email address.

Digital forensic specialists were able to trace the leaks, confirming that the former employee had sent sensitive files from her work account to her private one. The company took legal action and notified the authorities. The Abu Dhabi Criminal Court found her guilty and initially imposed a fine of Dh30,000, subsequently increasing the total compensation to Dh50,000.

This case clearly illustrates the danger of insider threats. There was no sophisticated hacking or advanced bypassing of security systems – just a simple failure to safeguard against unauthorized data transfer.

Many companies focus heavily on defending against external threats like DDoS attacks and malware, which are widely recognized. However, insider threats can be just as damaging – and often easier to execute.

Today, protecting confidential information without addressing internal risks is nearly impossible. As demonstrated in this case, a person can easily leak sensitive data by emailing it outside the organization – one of the most common methods of data exfiltration.

That’s why the ability to monitor email content and block the unauthorized sharing of sensitive information is essential. It’s the core function of any modern Data Loss Prevention (DLP) system – a crucial tool in today’s cybersecurity landscape.

Data privacy enforcement continues to gain momentum worldwide, with notable progress emerging from Africa. The Uganda Personal Data Protection Office (PDPO) enforced its first ruling under the Data Protection and Privacy Act (DPPA), which was enacted in 2019.

Ronald Mugulusi, a director at a loan company operating the “Quickloan” digital lending app, was found guilty on multiple counts. First, he failed to register with the PDPO as required by law. Second, he violated data subjects' rights by publishing their personal information without consent.

Between 2023 and 2025, the PDPO reached out to Mugulusi several times to urge compliance with local data protection regulations. However, these efforts were unsuccessful. Representatives from his loan company continued to contact borrowers via WhatsApp, threatening to publicly share their name, photo, and phone number if they defaulted on loan payments.

These ongoing violations of the DPPA prompted a criminal investigation. Mugulusi ultimately pleaded guilty to one charge, negotiated a plea bargain on another, and was fined UGX 300,000. This marked a historic milestone for Uganda's data protection authority in the enforcement of privacy laws.

The era when data regulation was virtually nonexistent is over. Today, companies must navigate both local legal frameworks and international security standards – especially when handling the personal data of foreign citizens. Achieving compliance can be particularly difficult for small and medium-sized enterprises (SMEs), which often lack dedicated in-house cybersecurity professionals and required data protection solutions.

To meet these challenges, SearchInform developed its Managed Security Service (MSS) – a comprehensive solution tailored to SMEs. MSS provides access to advanced security tools, managed by experienced cybersecurity professionals. It includes built-in security policies aligned with international standards like PCI DSS and ISO 27001, as well as local regulations like SAMA, Saudi Arabia’s PDPL and Data Cybersecurity Controls.

The result is cost-effective, reliable protection against internal threats for SMEs and independent expert oversight for large enterprises – all in one accessible service.

Start your free 30-day trial now!