Data Management Flashcards

1
Q

What is triangulation?

A

Process used to verify data through an alternative source
- Important when considering reliability of a source and risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How have you ensured data is secured safely?

A
  • Regular back ups undertaken off site
  • Disk encryption
  • Firewalls and disaster recovery procedures
  • Using anti-virus protection
  • Password protection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is copyright?

A

Exclusive rights to work provided to the author or creator
- Rights can be assigned and transferred
- Essential to acknowledge any copyright in your own work

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is crown copyright?

A

Refers to material created and prepared by the government, such as laws, public records and OS mapping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Data Management?

A

The practice of collecting, storing and using data securely, efficiently and cost effectively

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is hard and soft data?

A

Hard - quantifiable
Soft - less measurable - e.g. opinions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is an information barrier?

A

Physical or electronic barrier which prevents the transmission of information between individuals or firms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is GDPR?

A

EU General Data Protection Regulations (2016)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the Data Protection Act (2018)

A

UK implementation of GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

When did the Data Protection Act come into force?

A

25th May 2018 - replace 1998 DPA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the purpose of GDPR?

A

Harmonise data protection across the EU
Alter how personal data is managed and handled to ensure stricter regulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How have consent conditions been strengthened under GDPR?

A

Consent must be given with the purpose of data processing attached to that consent
- It must be as easy to give consent as it is to reverse it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

When did GDPR come into force?

A

25th May 2018

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the role of the Data Protection Act?

A

Controls how personal information is used by organisations, businesses and the government
- Also govern data protected by GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Is there any RICS guidance on Data Management?

A

(Archived) RICS Guidance Note - Electronic Data Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Why did the Data Protection Act come into force?

A
  • 1999 - Respond to the rise of Data
  • 2018 - incorporate new GDPR regulation s
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the key principles of GDPR / DPA?

A

Data must be
- Lawful, fair and transparent
- Collected for specified, legitimate and explicit purposes
- Adequate, relevant and limited to necessity
- Accurate and kept up to date
- Kept no longer than required
- Kept safe

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the 8 individual rights under GDPR?

A

1) To be informed
2) To have access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Who does GDPR affect?

A

All companies who hold date EU data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Who polices and regulates GDPR in the UK?

A

Information Commission Office (ICO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the penalties under GDPR and DPA?

A

Greater of 4% annual turnover or 20m euros

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What should you do in the event of a GDPR breach?

A

Report to the ICO in 72 hours

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the right to be forgotten?

A

Article 17
Individuals have the right to have personal files erased if:
- Data no longer required
- Data has been processed unlawfully

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is data portability?

A

Right for a data subject to receive personal info concerning them which they have provided and transmit data to another controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is privity by design?

A

Legal GDPR requirement
- Requires data protection from onset of designing a system, rather than in addition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is a data controller?

A

Decides how and why personal data is processed and is directly responsible for GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is a data processor?

A

Someone who processes data on behalf of and in accordance with a data controller instruction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is a data subject?

A

Individual whose data is about

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What is a data protection officer?

A

Person responsible for compliance with data protection regulations - monitor and ensure internal compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What constitutes personal data?

A

Any information relating to a person that identifies that person
e.g. photo, name, email, bank details

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are examples of personal data under GDPR that relate to property companies?

A
  • Details of fund managers
  • Data relating to managers
  • Background checks
  • Valuations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is the right to access?

A

Individuals have the right to obtain conformation that their data is being processed - access to their personal data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What is a GDPR breach notification?

A

Duty under GDPR - must report breach in writing within 72 hours
If breach means an individuals rights or freedom may be impacted - must be reported straight away

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

How are breaches discovered?

A
  • Loss of equipment
  • Access logs
  • Theft
  • Serious data security incident
35
Q

What are examples of data held by surveying firms that are covered under GDPR?

A
  • Emails
  • Other records
  • Customer info held for marketing
  • Data held to service client - e.g. bank details
36
Q

What are obligations imposed by GDPR?

A
  • Having knowledge of data held and processed
  • Ability to delete every instance of an individuals data
  • Demonstrate compliance in managing data
  • Prove how info is being used
  • Offer data portability
37
Q

What is RICS guidance for GDPR compliance?

A
  • Conduct data reviews
  • Encrypt
  • Keep data anonymous
  • Understand data processes
38
Q

What is Workman’s policy for data protection?

A

Comply with GDPR / DPA
- Report any breaches to data officer in 72 hours - or line manager

39
Q

What is a privacy notice?

A

Identify who data controller and data protection officer is
Also should include:
- What information is held
- What information is used for
- Which 3rd parties may you share information with
- How long info is held
- What legal right a firm has

40
Q

What is a SAR?

A

Subject Access Request
- Demand that an individual be given information a company holds about them

41
Q

What is the Freedom of Information Act (2002)?

A

Gives individuals the right to request information held by public bodies
Public body must
- Confirm whether they hold the info
- Provide the info in 20 days of request

42
Q

Can you provide an example of when you handle confidential information?

A

Data input forms - add, amend and remove data
Sending info to solicitors - use secure data room
Anonymise employee liability info for TUPE
Password and account for management systems

43
Q

How do you protect data when transferring to a client?

A
  • Encryption and password protection
  • Recorded special delivery
  • Using secure network and software
44
Q

What is an encryption?

A

Mathematical function that encloses data in a way where only authorised users can access it

45
Q

What is a firewall?

A

Secure network system which monitors and controls incoming and outgoing traffic based on predetermined rules

46
Q

When do you extract data in your role?

A

Using leases to fill out new lease forms
- Form filled out and sent securely to senior team member to sense check.
- Then sent to data team to securely upload to TRAMPS
- Data then held securely using password protection

47
Q

What management systems do you use?

A

TRAMPS
SharePoint
vroom
Horizon
EFS
Quooda /Meridian

48
Q

What is an ISO 9001?

A

Set out requirements for how firms should control data and documents relevant to the service they provide

49
Q

Can you provide an example of a property information tool?

A

Government search website - title register
vRoom
Horizon
TRAMPS

50
Q

What do you know about the retention of files under the Business Limitations Act 1980?

A

Legal Action must be brought within 6 years of issue arising
Business have responsibility to hold records for 6 years after they expire

51
Q

What do you know about the Privacy and Electronic Regulations (2005)?

A

Unlawful to transmit automated recorded message for marketing via telephone, unless prior consent of subscriber provided

52
Q

How do I ensure data is kept securely?

A

Restrict access via password protection
Firewalls - prevent hacking
Undertake training
Don’t share confidential info and anonymise

53
Q

What is AVM?

A

Automated Valuation Model
Use data on property database to calculate property value

54
Q

What guidance does the RICS provide on AVM?

A

RICS Roadmap: Automated Valuation Model Roadmap for RICS Members and Subscribers

55
Q

Why has the use of AVM been growing?

A

Increased availability of data
Avoid litigation costs associated with personal error

56
Q

What is an electronic document management system?

A

Type of software which stores, organises and manages documents in the form of electronic files e.g. SharePoint

57
Q

What makes a land register plan compliant?

A
  • Correct scale 1:100, 1:200 - noted on plan
  • Have scale measurement bar
  • Include a 1:1250 scale map of location
  • Full address
  • North point
  • Demise in red outline
58
Q

What is the Land Registry Act (2002)?

A

Framework for electronic property surveying
- All freeholds or leases over 7 years must be registered
- Adverse possession - 10 years +
- Aim to have also property registered electronically by 2030

59
Q

What are deeds & Registered Titles?

A

Deed - physical document declaring persons legal ownership
Registered title - ownership recorded with land registry electronically

60
Q

Are signatures accepted by the Land Registry?

A

Yes, if witnessed since July 2020

61
Q

What documents can be signed electronically?

A
  • Deeds - if witnessed
  • Contracts
62
Q

How do I comply with Workman’s data protection policy?

A
  • Understand sensitive and protected data
  • Don’t share confidential data
  • Anonymise data
  • Report breaches
63
Q

How do you protect and handle confidential information?

A
  • Use document management system - add amend and remove data
  • Upload files to secure data room
  • Anonymise information
  • Password protection
64
Q

How do you use TRAMPS and Horizon?

A
  • Securely load data onto systems through DI forms
  • Manage information on tenants and accounting information
  • Tenant and client info stored
  • Run reports
  • Password protected
65
Q

Why is it important to hold accurate information?

A
  • Effectively manage property
  • Ensure rent demands etc sent out timely and that information provided to clients is accurate
  • Comply with GDPR/DPA
66
Q

Talk me through your use of Quooda and Meridian?

A
  • Secure data site for Health and Safety info - password protected
  • Monitor H&S info and data at a property level
  • Monitor statutory compliance - linked to my email which provides notification if document expires or is non-compliant
  • Monitor progress in ensuring compliance following Risk Assessments
67
Q

What reports do you run?

A
  • Tenancy schedules
  • Arrears reports
  • Service Charge expenditure reports
  • Debtor payment histories
68
Q

What recommendations do you provide from reports?

A
  • Arrears - CRAR recommendations
  • Review SC expenditure 3 months before year end. Shows provision available for energy enhancement measures found in a Sustainability Report commissioned.
69
Q

How do you ensure data held is accurate?

A
  • Data verification
  • Check against original documents
  • Error check data uploads with senior colleagues and data team
70
Q

How are the management systems you use kept secure?

A
  • Encryption
  • Firewalls
  • Password protection
71
Q

What are your KPIs for uploading data?

A
  • 7 days from receipt
  • Data input tracker used to track when info received, uploaded by data team and relevant accounts work complete
  • Client kept informed throughout
72
Q

How do you review arrears?

A
  • Use TRAMPS/Horizon - able to see tenant payment
    and financial history
  • Money received allocated by credit control and reflected on system
73
Q

How do you review SC expenditure?

A

Run service charge expenditure report on TRAMPS / Horizon

74
Q

How do you review leases?

A
  • Solicitor data site
  • If any info missing, liaise with solicitors and have info uploaded securely
75
Q

Can you explain Workman’s EFS?

A

Electronic Filing System
- Secure system with info held e.g. budgets, recs, contracts etc

76
Q

What would you do if someone wanted to view CCTC footage?

A

a) receive request,
b) check with data protection officer if unsure,
c) notify police if required and
d) ask subject to complete SAR whilst you await advice from DPO?

77
Q

How long can you hold data?

A

No limit - no longer than necessary
- As agreed with data subject
- Depends on several factors
- Is it a current project
- No you need them to justify fees
- Required for litigation?

78
Q

If a lease was assigned, how long should you hold the assignors info on your system?

A

Depends on the terms
- If an AGA in place - hold details until the end of the lease
- Same for privity of contract
- Could be argued that info can be held until arrears cleared

79
Q

How can you upload /share data and how do you know its allowed?

A

Firms privacy policy - dictates what info is held, how processed and how shared with 3rd parties
Time it may be allowed - property sale
- Privacy notice issued to all tenants

80
Q

Why do you undertake a data verification?

A
  • New portfolio - lots of data - to ensure it was accurate
  • Ensure data being held is necessary
  • Comply with GDPR
81
Q

How was the new data kept secure?

A

Held on solicitor data room
- Encryption and firewall
- Password protected
- I was given username and password
Loaded in compliance with Workman processes to ensure safety

82
Q

What info was held on the data site?

A
  • Leases
  • Title
  • Sc budgets and recs
  • H&S docs
83
Q

How is info kept secure in our office?

A

Follow privacy policy
- understand what info is held and why
- understand who info can be shared with
- ensure protection - password / encryption
- IT implementations - Firewalls

84
Q

When are firms exempt from GDPR?

A