Data Management Flashcards
How do you handle data?
1) Inform client of how it is being stored
2) Password protect and encrypt
3) Ensure emails only copy in relevant parties
4) Only transfer data with express permission
5) Correctly label data
6) Don’t leave paperwork on desk
What do you do if data is breached?
Inform Data Protection Officer within 72 hours, describing the nature, type of breach, what it relates to and likely consequences
What act allows the disclosure of public body information?
Freedom of Information Act 2000
Why can’t rental evidence be handed over using FOI?
It would prejudice a commercial interest
What do you do if someone requested information?
Forward onto FOI inbox where the Information Law and Disclosure team will respond
What are the latest regulations on data protection?
General Data Protection Regulations 2018
What was the aim of GDPR?
To give individuals greater control of their personal data and to ensure uniformity in the EU
Who must all firms hire under GDPR?
Data protection officer
What is personal data?
Personal data means any information relating to an identifiable person
What procedures do you undertake when handling data?
1) Inform client of how it is being stored
2) Password protect and encrypt
3) Ensure emails only copy in relevant parties
4) Only transfer data with express permission
5) Correctly label data
6) Don’t leave paperwork on desk
What would you do if data has been breached?
Inform Data Protection Officer within 72 hours, describing the nature, type of breach, what it relates to and likely consequences
What act allows the disclosure of public body information?
Freedom of Information Act 2000 and Commissioners for Revenue and Customs Act 2005 (CRCA) section 17-20
Who does the Freedom of Information Act apply to?
Public organisations
When can data be withheld under FOI?
Where the release of information is said to compromise or damage a personal or commercial interest
What Act allows the VOA to prevent the disclosure of information?
Freedom of Information Act 2000 and Commissioners for Revenue and Customs Act 2005 (CRCA) Section 17-20
What does EDRM stand for?
Electronic Data and Record Management
What did the Commissioners for Revenue and Customs Act provide?
Provision for the use of information and the specific disclosure under certain circumstances
What are the 6 principles of GDPR?
- Lawfulness, fairness and transparency
- Used for specified explicit purposes
- Data minimisation by collecting what is necessary
- Accurate up to date info
- Kept for necessary period
- Kept in a way that ensures security and protection
Why can rental information be divulged at VT?
Under section 17 of the CRCA 2005 it is classed as in the course of Civil Proceedings and is therefore required to further progress the case. It is also stated in statute under section 17 of the Valuation Tribunal for England (Council Tax and Non domestic rates appeals) Act
What did the Data Protection Act 2018 enforce?
The General Data Protection Regulations 2018
What rights are given under GDPR / Data Protection Act (2018)?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
How would you report a data breach?
- Inform data manager within 72 hours
- Describe breach
- What data concerned
- What likely consequences
- How impact can be mitigated
What does the Freedom of Information Act allow individuals to do?
Request information from Public Bodies on data they may hold
How can a FOI request be made?
- letter
- social media
- online form
- fax
In the VOA any request is passed onto our FOI inbox in order for it to be dealt with
Under what grounds can Public Bodies refuse disclosure of information under FOI?
- Threat to national security
- Prejudice commercial interest of the public
- Prejudice public affairs
- Includes personal information
- Seemed to be excessive
On what basis can information be disclosed under section 17 of the CRCA 2005?
- To enable HMRC to carry out its functions.
- Where the person has given their consent
- Where confidentiality is overridden by legislation
- Where HMRC receives a court order to disclose information
- Where disclosure is made in order to prosecute.
- Where disclosure is in the public interest.
- Disclosure to the relevant prosecuting authorities.
What are the security classifications for the government?
OFFICIAL - Typically given to most personal data which will need to be protected.
OFFICIAL SENSITIVE - excludes certain internal individuals from access
SECRET - which is very sensitive and could potentially cause harm to national security
TOP SECRET - information is the top level of security in which a breach could put many people’s lives at risk.
What is GDPR consent and what are the 5 rules?
Accepting for a company to store and use personal information.
Consent can be given under 5 requirements:
1) Consent must be freely given
2) Consent must be specifically given
3) Consent must be made with correct information
4) Consent must be unambiguous
5) Consent can be revoked
What is a record and what is a field?
Record is a single piece of data whilst a field is a group of records
Have you ever used a .CSV file?
Yes, exporting rental data onto an Excel spreadsheet. I understand .CSV exports data from one application to another.