Data Management

Question 1

How long do you need to keep project data for?

Answer 1

• 6 years if contract signed underhand, 12 years if signed as a deed
• RICS recommends <15 years (limitation period for most legal claims)

Question 2

What’s your understanding of Intellectual Property and Copyright?

Answer 2

• Right to control use and ownership of original works
• Generally created by employee, belonging to employer unless copyrights put in place
• Common in construction for client to be granted license for use and reproduction of copyright material - i.e. right to use particular design by subcontracting specialist who retains control of original copyright

Question 3

How does Stace protect client data?

Answer 3

Online filing system, password-locked files, restricted access to certain drives

Question 4

Guidance note for Data Management?

Answer 4

RICS Data Management Guidance Note
(and Freedom of Information Act 2000)

Question 5

Types of data systems used in your organisation?

Answer 5

• Shared hard drives - confidential ones for certain clients
• Backup servers
• Online storage systems (one drive)
• Software i.e. Teams
• Project extranet

Question 6

What is a project extranet system?

Answer 6

Network allowing external parties to view files on a secure platform

Question 7

Advantages of extranet system?

Answer 7

• Improves communication
• 24hr access
• Efficient
• Secure (can apply different access and permission settings)

Question 8

Disadvantages of extranet system?

Answer 8

• Can be expensive
• Requires maintenance
• May require user training to operate

Question 9

Benefits of cloud-based storage systems?

Answer 9

• Easy access worldwide
• Secure / password protected and backed up
• Low set-up costs
• Teams can work in ‘real time’ - multiple users access same docs (which can be synchronised)
• Access control / restrictions / accessibility available for confidential files / folders
• Convenient to send and share files
• Relatively environmentally friendly

Question 10

Sources of pricing data?

Answer 10

BCIS, SPON’s, benchmarking, in-house records and databases

Question 11

What are pricing books?

Answer 11

Assist with estimating and valuing variations, cover major areas of construction process

Question 12

What is BCIS?

Answer 12

Building Cost Information Service
- Provides cost and price data for UK construction industry, helping produce specific estimates, early cost advice, plan costs and benchmarks
- Part of RICS

Question 13

Where does the data on the BCIS come from?

Answer 13

Real life projects, where members of the construction industry provide cost information that’s uploaded to database (following review by BCIS staff)

Question 14

What cost data is submitted to the BCIS?

Answer 14

Elemental costs from pricing documents, including % for each element, details of contract, procurement and tendering route, description of works, GIFA, base date, location

Question 15

What else is available on BCIS?

Answer 15

Cost analysis, indices, average prices, life cycle costing, wages, dayworks, schedule of rates, contract %, tender price studies

Question 16

How does your company ensure accurate cost data uploaded?

Answer 16

Template for info, internal database system forwarded to relevant party

Question 17

What influences the cost data we hold?

Answer 17

• Level of detail provided, consideration and identification of project abnormals affecting pricing
• Amount of cost data in particular location
• Age of data
• Project location

Question 18

What is Meta Data and why is this important?

Answer 18

• Info about a specific piece of data
• i.e. when sharing cost planning doc, meta data can consist of info about author, file size, date of documentation, keywords to describe doc
• Must ensure it’s afforded same level of care as other confidential info
• Try to ensure not to share inadvertently

Question 19

What different sources of info do you use in your day-to-day?

Answer 19

• RICS guidance notes
• Contract documentation
• Previous tenders
• Cost plans
• Valuation data
• Industry journals
• Specialist subcontractor information

Question 20

How do you manage these sources of info to ensure compliance with legislation?

Answer 20

• If signed up to NDA, I ensure complete confidentiality - unable to talk with colleagues not party to project
• Use lockable and secure document storage for hard copy documents
• Electronic info kept securely on encrypted servers
• Lock computer when away from desk, comply with IT policies & training
• Obtain client’s written permission if sharing / processing info not available to public domain

Question 21

What is GDPR?

Answer 21

EU regulation on data protection and privacy in EU and EEA. Also addresses transfers personal data outside EU and EEA

Question 22

What is the purpose of GDPR?

Answer 22

• Designed to harmonise data privacy laws across all member countries, greater protection and rights to individuals
• Created to alter how business/organisations handle info
• Potential for large fines and reputational damage if found in breach of rules

Question 23

Key persons outlined within GDPR?

Answer 23

• Data controller - person decides how and why to collect and use data- must make sure processing data complies with data protection law
• Data processor - Separate person processing data on behalf of controller, according to their instructions
• Data subject - individual whom personal data is about
• Data protection officer - leadership role required by EU GDPR, guarantor of compliance with data protection regulations for EU citizens, without replacing functions carried out by supervisory authorities. Oversees data protection approach, strategy and implementation

Question 24

Data processor vs controller?

Answer 24

• Controller = entity determining purposes, conditions and means of processing personal data
• Processor = entity processing data on behalf of controller

Question 25

What constitutes personal data?

Answer 25

- Any info related to natural person / "Data Subject" - used to directly / indirectly identify person - Includes name, photo, email, bank details, social network posts, medical info - Legislation applies to electronic data + stored records that are easily searchable

Question 26

7 key principles of GDPR?

Answer 26

1. Lawfulness, fairness and transparency 2. Purpose limitation 3. Data minimisation 4. Accuracy 5. Storage limitation 6. Integrity and confidentiality (security) 7. Accountability

Question 27

8 individual rights under GDPR?

Answer 27

To: 1. Be informed 2. Access 3. Rectification 4. Erasure 5. Restrict processing 6. Data portability 7. Object 8. Automated decision making and profilling (+ diversity, inclusion and teamworking)

Question 28

Who enforces GDPR?

Answer 28

The Information Commissioner's Office

Question 29

Penalties for breaching GDPR?

Answer 29

Up to 4% of company's annual global turnover, or £17.5m

Question 30

Does GDPR still apply to UK?

Answer 30

Yes- has been kept in UK law as UK GDPR - guidance for UK businesses who receive data from/have offices in EU and EEA. EU GDPR No longer applies after 31st December 2020

Question 31

How does GDPR affect my work as a QS?

Answer 31

- Need to consider amount of info stored - Timescales for keeping info - Sensitivity and how data is used daily - not having screen on view in public, locking computer, not holding data on USB / disks

Question 32

What must companies put in place to ensure GDPR compliance?

Answer 32

- Raise awareness across business - Audit personal data - Update privacy notice - Review procedures supporting individuals' rights and how consent is obtained - Identify and document legal basis for processing personal data

Question 33

What is the Data Protection Act 2018?

Answer 33

- Controls how personal info used by organisations, business, or government - UK's implementation of EU General Data Protection Regulation (GDPR) - Replaces 1998 legislation

Question 34

Key principles of Data Protection Act 2018?

Answer 34

Ensures data is: - Used fairly, lawfully, transparently - Used in way that's adequate, relevant and relevant to only intended purpose - Not retained for longer than necessary - Processed securely inc protection against unlawful use/loss/destruction

Question 35

What are a person's rights under the Data Protection Act?

Answer 35

To: 1. Be informed 2. Access 3. Rectification 4. Erasure 5. Restrict processing 6. Data portability 7. Object to use of data

Question 36

How do companies ensure compliance with data protection legislation?

Answer 36

- Only retain data needed to perform day-to-day operations - If retaining someone's data, ensure the person is informed and advised why they have it - Hold data securely - Keep info up to date, delete info no longer needed

Question 37

What is the Freedom of Information Act 2000?

Answer 37

- Provides public access to info held by public authorities (in 2 ways) 1. Public authorities obliged to public certain info about activities 2. Public entitled to request info from public authorities

Question 38

What should you consider before destroying a document?

Answer 38

- Is the document an original contract/legal doc? - Could the doc be required for litigation / other proceedings? - Does the doc relate to a live project? - Is a back-up copy available?

Question 39

What measures could be taken to protect commercially sensitive info?

Answer 39

- NDA in place - Physical separation of staff - Security of stored info, i.e. locked filing cabinets, password protected servers

Question 40

Are there ways we can protect data when transferring on client's behalf?

Answer 40

- Encryption, password locking - Recorded special delivery - Mark as confidential - Use secure networks and software

Question 41

What is an info barrier?

Answer 41

Physical and/or electronic separation of individuals within same firm- aim to protect confidential information

Question 42

What does the term confidentiality mean?

Answer 42

Info provided but subject to confidence and not shared without permission

Question 43

If 2 separate departments in your firm were working for 2 rival companies, how would you ensure client sensitive data was managed?

Answer 43

- Make client aware of risks involved and ensure they understand the conflict of interest - Ensure they consent to continue (through written confirmation) - Exclusivity of staff arranged - NDAs considered - Separate working locations for team - Secure document and data storage arranged for separate teams

Question 44

What is the meaning of a non-disclosure agreement?

Answer 44

- NDA- protect against sharing confidential data, usually prior to confidential data being shared - Often used when sensitive, innovative or intellectual property is shared to prevent being used by competitors

Question 45

What can you do to protect commercially sensitive info?

Answer 45

Only print docs when necessary, use Atkins sensitivity rating, log out/lock screen when not at desk, only keep data for min time required, don't work in public places

Question 46

What is BIM?

Answer 46

- Process for creating and managing info. Key output is digital description for every building aspect, updated throughout RIBA design stages - Enables increased coordination optimising efficiences and greater whole life value for asset

Question 47

Different levels of BIM?

Answer 47

- L0. No collaboration, 2D info, output via electronic prints/paper - L1. 2D statutory approval info, 3D CAD for design work, electronic info sharing (usually managed by contractor) - L2. Collaborative working with info exchange process- coordination between all parties. Export info to formats i.e. Industry Foundation Class (IFC) and Construction Operations Building Information Exchange (COBIE) Government's min target. - L3. Not yet defined- vision outlined in govt L3 strategic plan- aim to create 'Open Data standards' enable data sharing across whole market, fully cooperative, driving public sector use of BIM

Question 48

Case law relating to BIM?

Answer 48

Trant vs Mott McDonald sets precedence for who is responsible for owning database