Data Management

Question 1

What regulation governs laws on data protection and privacy?

Answer 1

UK General Data Protection Regulation 2020

Question 2

What is the maximum GDPR fine set by UK GDPR and DPA 2018?

Answer 2

17.5 million or 4% of annual global turnover (whichever is highest)

Question 3

Data offences can be punished by what?

Answer 3

• Warnings
• Temporary or permanent ban on data processing
• Restriction or erasure of data
• Suspend data transfers to 3rd party countries

Question 4

What is the Data Protection Act 2018?

Answer 4

• UK’s implementation of GDPR
• Replaced the DPA 1998
• Controls how personal information is used by organisations, businesses or the government
• Designed to protect personally identifiable information

Question 5

What is the Freedom of Information Act 2000?

Answer 5

• Gives individuals the right of access to information held by public bodies
• Public body must tell any individuals requesting sight of the information whether it holds that information
• Must be supplied within 20 working days in the format required
• Can be charged for the provision of the information

Question 6

How do Freedom of Information Act 2000 requests work?

Answer 6

• Must be in writing
• Information must not be exempt

Question 7

What security measures can you use to protect data?

Answer 7

• Password protection
• Security markings
• Physically locking storage units
• Encryption firewalls
• Two factor authentication

Question 8

What best practices would you encourage in terms of managing data?

Answer 8

• Cross reference computer with hard copy
• Back up IT systems
• Write once, read many times
• Keep an audit trail
• Ensure electronic signature cannot be altered (send PDF not Word)

Question 9

Tell me what you know about GDPR?

Answer 9

• Following Brexit, the UK GDPR 2020 was introduced.
• This set out the main responsibilities for organisations using, storing and handling personal data
• Article 5 sets out consumer rights
• Applies to the VOA - the right to correct is something we actively do in the Check stage in CCA and in the form of return where personal data is explicitly collected

Question 10

What is personal data?

Answer 10

Any information which is related to an identified or identifiable person

Question 11

What are encryption, firewalls and blockchain?

Answer 11

Encryption = Securing data by encoding it mathematically so it can only be read or destroyed by those with the correct key or cipher

Firewall = Network security device that monitors traffic to/from your network, it allows/blocks traffic based on a set of security rules

Blockchain = Digitally distributed, decentralised public ledger that exists across a network

Question 12

How do you process and handle confidential information?

Answer 12

• Don’t print what I don’t need to
• Ensure appropriate saving with correct name conventions
• Don’t leave computer unlocked or unattended

Question 13

How do you extract data from a source regularly used in your role?

Answer 13

• Internal database - CDB for rental and sale information
• Set parameters for data to refine prior to download
• Use filters on Excel to refine the data to what I need

Question 14

What is an Electronic Document Management System (EDMS)?

Answer 14

• Software package designed to manage electronic information and records within an organisation’s workflow
• Allows a user to manage the creation, storage and control of records while allowing others to access and edit documents

Question 15

What type of documents can electronic signatures be used for?

Answer 15

To replace handwritten signatures in virtually every personal or business process
e.g. contracts, application forms and non-disclosure agreements

Question 16

How do you ensure that data is kept securely?

Answer 16

• Permission levels on EDRM and Sharepoint to restrict who can access data, preventing conflicts o interest in terms of accessing information
  e.g. rating valuer accessing plans and data collected for a different purpose
• Back up work/systems where necessary
• Ensure properly labelled as ‘Official - Sensitive’ info to show others that care must be taken

Question 17

How do you validate information?

Answer 17

• Cross check with another source
• Call to get further information/confirm details
• Adopt a common sense approach

Question 18

What are the pros and cons of primary data?

Answer 18

Pros

• Specific to needs
• Greater control
• More up-to-date
• May be more accurate

Cons

• Expensive (may make it more difficult)
• Time consuming

Question 19

What are the pros and cons of secondary data?

Answer 19

Pros

• Easily accessible
• Affordable
• Less time consuming

Cons

• May lack reliability
• May be outdated
• May have to deal with irrelevant data before finding suitable data

Question 20

You shared rental evidence with an agent for rating purposes. did you have permission to share that information?

Answer 20

• Yes, the VOA is subject to the Commissioners for Revenue and Customs Act 2005
• This covers the confidentiality of information held by the VOA and when its lawful to disclose that information
• VOA cannot disclose information except in limited circumstances including legislative gateways/consent
• Section 18(2) and (3) allows sharing of data so long as it is reasonable and proportionate to do so
• BA treats information from VOA as confidential even if the information sharing agreement is terminated

Question 21

What is Section 18 of the CRCA 2005?

Answer 21

It sets out where information can be disclosed. Do not disclose this information unless:

• it is essential for one of our functions
• it is allowed by specific legislation
• it is with consent of the customer
• it is in the course of civil proceedings

Question 22

What is Section 7 of the CRCA 2005?

Answer 22

It sets out the VOA’s functions:

• compilation and maintenance of rating lists and council tax lists
• valuation of property

Question 23

What is Section 10 of the CRCA 2005?

Answer 23

It allows the VOA to provide a valuation of property:

• for any purpose relating to its function
• at the request of a public authority

Question 24

How did you store data collected on inspection?

Answer 24

• Electronically using Word and Excel
• Uploaded inspection notes and photographs to EDRM system with access restrictions and appropriate name and labelling

Question 25

Can other colleagues access information you are working on?

Answer 25

Not if they are in a different team
e.g. DVS will not be able to access information stored for rating purposes

Question 26

What are the exemptions in the Freedom of Information Act 2000?

Answer 26

• Personal data
• National security
• Information held by the VOA for its functions that either directly identifies a person or enables their identity to be deduced from it, is exempt from disclosure under S44 of the FOI Act 2000 as it is prohibited by S23 of the CRCA 2005.

Question 27

Tell me about the DPA 2018?

Answer 27

• Controls how your personal information is used by organisations, businesses or the government
• Everyone responsible for using personal data has to follow strict rules called ‘Data Protection Principles’ also known as PACKAP
• Consumer rights (ACCEP)

Question 28

How long do you keep information for and how is it disposed of?

Answer 28

• Kept for a minimum of 6 years
• VOA has a team who deals with erasure and data disposal

Question 29

What regulation covers sharing data?

Answer 29

Commissioners for Revenue and Customs Act 2005 (CRCA)

Question 30

What are the benefits of cloud based systems?

Answer 30

• Information is backed up by encrypted servers
• Accessibility can be managed via online settings
• Cheaper than physically storing and managing files
• More convenient to send and share files
• Environmentally friendly
• Multiple users can access the same document at the same time

Question 31

What is a non-disclosure agreement?

Answer 31

• Used to protect against the disclosure of sharing any confidential data
• Prior to information being shared, clients will typically request tat the recipient signs up to an NDA
• Often used to prevent confidential or sensitive property information being used or talked about by competitiors

Question 32

If two departments within your firm were working for rival companies, how would you ensure sensitive data is managed?

Answer 32

• Make the client aware of risks
• Conflict of interest protocol
• Informed consent
• Keep staff exclusively in one team
• NDAs
• Separate working locations
• Use secure document systems with access restrictions

Question 33

Who are the key persons outlined within GDPR?

Answer 33

Controller = person that determines the purpose and means of processing personal data e.g. employer

Processor = person that processes personal data on behalf of the controller e.g. call centres acting on behalf of its client

Data Protection Officer = leadership role required by EU GDPR - responsible for overseeing data protection approach study and implementation

Question 34

What should companies put in place to ensure GDPR compliance?

Answer 34

• Raise awareness across the business
• Audit personal data
• Review procedures supporting individual rights
• Identify and document the legal basis for processing personal data under GDPR
• Train staff and give them the information

Question 35

What personal and confidential information does your organisation hold?

Answer 35

• Personal data relating to VOA employees
• Emails containing sensitive or confidential information
• Customer correspondence received in confidence
• Customer records
• Property information
• Contractual information relating to past, present or future companies

Question 36

What is disclosure?

Answer 36

• Sharing information with others
• Before sharing information you must be sure you have the right to disclose it and the person requesting it has the right to receive it

Question 37

What two ways does the FOI Act provide the public with access to information held by public authorities?

Answer 37

1) Public authority obliged to publish certain information about their activities

2) Members of the public are entitled to request information from public authorities

Question 38

When would you disclose information about taxpayers/customers to third parties?

Answer 38

In line with the CRCA 2005:
- if essential to functions
- in line with legislation
- consent
- civil proceedings

e.g. law allows us to disclose rental information when dealing with a rating challenge and the appellant can request rental information proportionate to ours

Question 39

How do you deal with someone requesting to access their own personal information?

Answer 39

• Deadline of 1 month to response to request
• Forward to subject access request (SAR) inbox immediately
• If part of an outstanding case, would consider if it can be dealt with more appropriately as business as usual under CRCA
• Verbal request for property information cannot always be answered verbally - we may require verification of the person’s link to the property before deciding to disclose

Question 40

How would you deal with a FOI request?

Answer 40

• Check the request is made in writing
• Check it includes the requester’s name and address and clearly describe the information wanted
• Forward request to FOI inbox team

Question 41

What are the 7 principles of the DPA?

Answer 41

Information held must be:

1) Secure
2) Fairly and lawfully processed for relevant purposes
3) Accurate and up-to-date
4) Not kept longer than necessary
5) Not given to 3rd parties
6) Disposed of securely
7) Processed in line with the data subject’s rights

Question 42

What are the 3 principles of GDPR and DPA 2018?

Answer 42

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation

Question 43

How do you comply with UK GDPR and DPA 2018 in your role?

Answer 43

• I am aware of different types of information we hold
• I complete the relevant training on understanding UK GDPR and DPA
• I store data in the appropriate locations
• I use appropriate document markings when storing and sharing information (Official-Sensitive)
• I use secure information sharing such as Outlook rather than Teams

Question 44

What are the 7 principles of GDPR?

Answer 44

1) Lawfulness, fairness and transparency
2) Purpose limitation
3) Data minimisation
4) Accuracy
5) Storage limitation
6) Integrity and confidentiality
7) Accountability

Question 45

What are the 8 individual rights under GDPR?

Answer 45

• To be informed
• To access
• To rectify
• To restrict processing
• Data portability
• To object
• To automated decision making and profiling

Question 46

What do the Privacy and Electronic Communications Regulations 2003 apply to?

Answer 46

• UK’s implementation of EU eprivacy directive
• Set of rules that protect the private rights of customers for marketing
• A complement to the DPA and UK GDPR
• Specific rules on marketing calls, emails, texts and faxes; cookies; customer privacy; keeping communication services secure

Question 47

What is copyright?

Answer 47

It is the exclusive and assignable legal right given to the originator for a fixed number of years to print, publish, perform, film or record literary, artistic or musical material

Question 48

What is Intellectual Property (IP)?

Answer 48

It is intangible property that is the result of creativity, such as patents, copyrights etc.

Question 49

Can Intellectual Property (IP) be transferred?

Answer 49

Yes

• Through written agreement such as a contract or assignment
• It should clearly state the details of the transfer including specific IP rights being transferred, parties involved and conditions/limitations

Question 50

What is the Limitation Act 1980?

Answer 50

It is a section of UK law that sets out rules for how long someone can take legal action to recover money they are owed.

It only applies when no contact has been made between the creditor and debtor within the given time limit and only applies to residents of England and Wales.

Question 51

Tell me about the retention of files under the Limitation Act 1980?

Answer 51

Files kept for 6 years:
- personal injury
- crime
- debt collection
- county court litigation
- immigration

Files kept for 15 years:
- sales of leasehold properties
- residential property purchases
- property sales
- probate
- financial services

Files kept for longer than 15 years:
- name change
- wills
- pension schemes
- IP
- company formation

Question 52

What is the difference between a deed and a registered title?

Answer 52

Deed = The physical document that proves ownership

Title = Concept of legal ownership that the deed grants

Question 53

What are the differences between manual and electronic records?

Answer 53

• Paper documents are difficult to search/carry/copy and modify
• Paper documents are easily damaged, misfiled or misplaced
• Electronic documents are delivered by networks, disks, flash memory and CD/DVD and stored on a file system
• Electronic documents can be hacked externally
• Multiple users review electronic documents simultaneously

Question 54

What is an index map?

Answer 54

• A type of finding aid that enables users to find a set of maps covering their regions of interest along with the name or number of the relevant map sheet
• Provides geospatial data on either paper or computer screen

Question 55

How can you protect data from viruses?

Answer 55

• Keep systems, browsers and important apps up to date
• Antivirus software
• Anti-spy software
• Firewalls
• Strong passwords
• Be wary of phishing and suspicious emails
• Use a secure wifi connection (VPN)

Question 56

What does blockchain mean?

Answer 56

A system in which a record of transactions especially those made in a cryptocurrency, is maintained across computers that are linked in a peer to peer network

Question 57

What is BIM?

Answer 57

Building Information Modelling

• Workflow process
• Based around models used for the planning, design, construction and management of building and infrastructure projects

Question 58

What is an AVM?

Answer 58

Automated Valuation Model

RICS definition: “using one or more mathematical techniques to provide an estimate of value of a specified property at a specified date, accompanied by a measure of confidence in the result, without human interaction post-initiation”

Question 59

Explain the growing use of AVMs in the industry

Answer 59

• They are increasingly being used as an input to the valuation process or as a second opinion
• Examples of funds being valued using an internal AVM, with a human valuer reviewing and providing assurance in their roles as an external, independent valuer e.g. Rightmove or Hometrack (used by Zoopla)

Question 60

What is ISO 9001?

Answer 60

• It sets out the requirements on how firms should control data and documents relevant to the service they provide
• Sets out requirements for a company’s Quality Management System (QMS) which is about the management of the entire enterprise and its operational processes

Question 61

What does ISO 27001 relate to?

Answer 61

International standards for information security

• It sets out the specification for an effective ISMS (Information Security Management System)
• Helps organisations manage their information security by addressing people, processes and technology

Question 62

What is the Civil Evidence Act 1995?

Answer 62

It is an Act to provide for the admissibility of hearsay evidence, the proof of certain documentary evidence and the admissibility and proof of official actuarial tables in civil proceedings; and for connected purposes

Question 63

Are electronic signatures accepted by the Land Registry?

Answer 63

Yes

• Under English law a deed can be validly signed and witnessed using an electronic signature platform e.g. Docusign e-signature

Question 64

What type of documents can electronic signatures be used for?

Answer 64

• Legal documents
• Contractual agreements
• Invoices
• Financing documents

Question 65

What is data redundancy?

Answer 65

• When the same piece of data exists in multiple places whereas data inconsistency is when the same data exists in different formats in multiple tables
• Data redundancy can cause data inconsistency which can provide a company with unreliable/meaningless info

Question 66

What is Vlookup used for?

Answer 66

• It is a built-in Excel function used to search for a value in the first column of a table range and return a corresponding value from another column in the same row
• It means “vertical lookup”
• Commonly used for data retrieval and analysis tasks

Question 67

What is a pivot table?

Answer 67

• It is an interactive way to quickly summarise large amounts of data
• Used to analyse numerical data in detail
• Used to query large amounts of data in many user-friendly ways

Question 68

What is a Business Management System?

Answer 68

• A set of tools for strategic planning and tactical implementation of policies, practices, guidelines, processes and procedures that are used in the development, deployment and execution of business plans and strategies and all associated management