Data Management Flashcards
Considerations for Data Management?
Consider the data required and held in your office (paper / electronic)
Understand the types of information systems used to extract information for a range of different scenarios and their strengths and limitations
Articulate how data can be stored securely and in accordance with the law
Note the importance of diaries for trigger dates for property management systems - e.g. rent collection, review notices, repairing obligations
Data Sources
When accessing data it is essential to consider the reliability of the source and associated risk where possible
You should verify against alternative sources through triangulation
Data storage and security
It is essential that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection
This includes:
- Disk encryption - encrypting data on a secure hard disk drive
- Regular backups off site
- Password protection
- Use of anti-virus software protection
- Firewalls and disaster recovery procedures
Consider what action is undertaken in your office to ensure security of data
What is Copyright?
A set of exclusive rights granted to the author or creator of any original work, including the right to copy
These rights can be licensed, assigned or transferred
Form of intellectual property
Crown Copyright - created and prepared by the Government such as laws, public records and OS mapping
Essential that you acknowledge any copyright for information duplicated in your work
What is the UK regulation regarding data?
UK General Data Protection Regulation & the Data Protection Act 2018
Does the EU GDPR still apply?
No longer applies in the UK but was almost entirely transcribed into the UK GDPR
UK GDPR facts and information?
UK GDPR is supplemented by the Data Protection Act 2018
The combined regime replaces the Data Protection Act 1998 and relates to personal data
It aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used for third parties
Gives people rights to be informed about how their personal information is used
What are the key requirements under UK GDPR?
- An obligation to conduct a data protection impact assessment for high-risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- A new principle of ‘data accountability’ is ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations
- Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals
Who is UK GDPR policed by?
Information Commissioner’s Office (ICO)
What are the fines for non-compliance for GDPR?
Fines of up to 4% of global turnover of the company or £17.5 million (whichever is greater)
What are the principles of UK GDPR?
Article 5(1) Principles relating to the storage of personal data states that data must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner which is not compatible with those purposes
- Adequate, relevant and limited to what is necessary for the purpose for which they are processed
- Accurate and where necessary kept up to date. Inaccurate data must be erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose that the personal data is processed
- Appropriate security of the personal data including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
It is important that the controller be responsible for and be able to demonstrate compliance with the principles
What are the individual rights under UK GDPR?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability (to use for their own purposes)
- Right to object
- Right to automated decision making and profiling (as undertaken by insurance companies)
Freedom of Information Act (2000)
Gives individuals the right of access to information held by public bodies
The public body must tell any individual requesting sight of information whether it holds it
Normally the public body is required to supply it in 20 working days in the format requested
It can charge for the provision of the information
What exemptions are allowed under Freedom of Information Act 2000?
Contrary to the GDPR requirements
It would prejudice a criminal matter under investigation or a person's/organisation's commercial interest
Security of data
Security of electronic data can be improved using firewalls, encryption and passwords
Understand how a Non-Disclosure Agreement works