Data Management Flashcards
What are some examples of data security technologies?
- Disk encryption
- Regular backups off site
- Password protection
- Anti-virus software
- Firewalls
What is copyright?
Exclusive rights granted to the author of any original work including the rights to copy.
Rights can be licensed, assigned or transferred.
What is UK GDPR?
Regulations on personal data handling
Why was the UK GDPR introduced?
To respond to changes to technology and the increasing use of technology.
Does the EU GDPR apply to the UK?
No, this was scrapped after Brexit. UK has its own GDPR (2018).
What is the Data Protection Act 2018?
It’s the UK’s implementation of the GDPR. It controls how your personal information is used.
What is the aim of the Data Protection Act 2018?
To create a single data protection regime for businesses and individuals to control how their data is used by 3rd parties. Gives people rights to be informed about how their personal information is used.
What are the key requirements of the Data Protection Act 2018?
- Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data or risk of harm to individuals
- New rights for individuals to have access to what personal information is held and to have it erased
What are the penalties of non-compliance?
Fines up to 4% of global turnover or £17.5 million (whichever is greater)
Who polices data protection?
Information Commissioner's Office (ICO)
What are your rights under the Data Protection Act?
There are 8 individual rights under the UK GDPR:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
What are the 7 key principles of the UK GDPR?
Data must be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and up to date
- Kept for no longer than necessary
- Kept secure
- The controller is accountable
How are you compliant with GDPR with regards to mailing lists?
Can only add someone to a mailing list or send marketing if they have given permission
Other than GDPR what did the DPA 2018 introduce?
New offences: recklessly obtaining data, storing data without consent
What information can a firm retain to comply with other laws?
ID for AML checks
What systems does your firm have in place to ensure data security?
Password protected systems and files
How would you send sensitive information?
- Password protected files
- Encryption
- Use of firewalls and anti-virus software
- Clear desk policy and locking away confidential documents
- Regular change of password
How would you deal with a data breach?
- Report to the ICO within 72 hours
- Report to my IT department
- Inform clients and those affected
How can you secure your own data?
- Not clicking on junk / phishing emails
- Only log on to secure wifi
- Not sharing passwords
- Safely dispose of personal data
- Lock laptop away at night
- Encrypt data
- Use security software
How can you send data securely?
- Password protected
- Encrypted files
What must you do before sending marketing emails to a client?
Ensure that they have ‘opted in’ and provided consent.
What is the Freedom of Information Act 2000?
Gives individuals the right of access to information held by public bodies.
The public body must tell the individual whether it holds the information and is required to supply it within 20 days.
What are the exemptions to the Freedom of Info Act?
- Contravenes GDPR requirements
- Involves a criminal matter under investigation
What is an NDA? / How does it work?
A binding contract between two or more parties that prevents sensitive information being shared with others. Maintains confidentiality.
What is included in an NDA?
- Name of both parties
- Definition of what is deemed confidential
- The term of the agreement (period of time)
Why is it important to verify third party data?
Ensures accuracy and transparency
How do you analyse data in line with GDPR?
- Apply professional scepticism
- Only base professional judgements on information I’ve verified
How long can you keep data?
No longer than it is needed for the specific purpose
What is a title document?
Legal document providing detailed information on a property.
What is included on a title document?
- Owner
- Price paid
- Tenure
- Boundaries
- Covenants and easements
Is there a RICS note on data handling?
No; however, the RICS is proposing to publish a Professional Statement (PS) on Data Handling and Prevention of Cybercrime 2019. It is currently at consultation stage.
What will the Professional Statement include?
- How surveyors capture, store and share data
- Best practices
What is the difference between a data controller and a data processor?
A data controller determines the purposes and means of the processing of personal data. A processor engages in personal data processing on behalf of the controller.
What are the fines if you don’t report a data breach to the ICO within 72 hours?
- Fines up to 4% global turnover
- OR £17.5m
- Whichever is greater
What kind of filing system does your company use?
- Depending on what department an individual works in, we must request and get approval for access to the shared drive on which confidential information about clients and properties is filed.
- In my current line of work, data is filed in property specific folders and separated by different categories such as service charge, leases, building reports, asbestos reports etc.
What is data triangulation?
Data triangulation involves using multiple data sources to confirm or refute a finding.
What is Crown Copyright?
Referential material created and prepared by the Government, such as laws, public records, official press releases and OS mapping.
Pros and Cons of Cloud storage