Data Management Flashcards
What is essential when accessing data?
Consider the reliability of the source and associated risks; where possible, you should verify data against an alternative source through ‘triangulation’
Give examples of data security technologies.
- Disk encryption
- Regular backups off site
- Password protection and use of anti-virus software protection
- Firewalls and disaster recovery procedures
What is copyright?
A set of exclusive rights granted to the author or creator of any original work, including the right to copy.
- These rights can be licensed, assigned or transferred
- It is a form of intellectual property
- Crown Copyright refers to all material created and prepared by the government, such as laws, public records, official press releases and OS mapping
- It is important to acknowledge any copyright for information and duplication in your work
What is the UK General Data Protection Regulation and the Data Protection Act 2018?
The EU’s GDPR no longer applies to the UK, but it is almost entirely transcribed into the UK GDPR
- Supplemented by Data Protection Act 2018; combined regime replaces the Data Protection Act 1988 and relates to personal data
Aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by 3rd parties
- It gives people rights to be informed about how their personal information is being used
What are the key requirements of the UK GDPR and Data Protection Act 2018?
- Obligation to conduct data protection impact assessments for high-risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- New principle of ‘data accountability’, ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations
- Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals
- Fines of up to 4% of the company’s global turnover or £17.5m (whichever is greater)
- Policed by the ICO
What are the principles of UK GDPR; Article 5 (1)?
Relates to the storage of personal data and states that data must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
What are the principles of UK GDPR; Article 5 (2)?
Requires ‘that the controller shall be responsible for, and be able to demonstrate, compliance with the principles’
What are the 8 individual rights under GDPR?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability (to use for their own purposes)
- Right to object
- Right to automated decision making and profiling (as undertaken by insurance companies)
What is the Freedom of Information Act 2000?
Gives individuals the right of access to information held by public bodies
- The public body must tell any individual requesting sight of information whether it holds it
- Normally the public body is required to supply it in 20 working days in the format requested
- It can charge for the provision of information
What are the exemptions to the Freedom of Information Act?
- Contrary to GDPR requirements
- It would prejudice a criminal matter under investigation or a person’s or organisation’s commercial interest
What is the security of data?
Security of electronic data can be improved using firewalls, encryption and passwords
Understand how a non-disclosure agreement works
What is the Proposed RICS professional statement on Data Handling and Prevention of cybercrime?
A data handling and prevention of cybercrime professional statement is proposed covering best practice and mandatory obligations with which RICS professionals and regulated firms must comply
It is proposed to address how surveyors capture, store and share data appropriately and securely and is likely to mandate policies, practices and training for all regulated firms and members