Data Management Flashcards

1
Q

What are the GDPR consumer rights?

A

I - Inform

A - Access
C – Consent
C - Correction
E – Erasure
P – Data Portability
ACCEP
(Accep your rights)
2
Q

What regulation governs laws on data protection and privacy?

A

UK General Data Protection Regulation 2020

3
Q

Article 5 of GDPR requires that personal data should be what? Name at least 3

A
  • Processed lawfully, fairly in a transparent manner (PLT)
  • Adequate, relevant, and limited to what is necessary
  • Collected for specified explicit and legitimate purposes
  • Kept in a form that permits identification of data for no longer than is necessary
  • Accurate and kept up to date, where necessary
  • Processed in a manner that ensures appropriate security of personal data.

PACKAP

4
Q

What is the maximum GDPR fine set by UK GDPR and DPA 2018?

A

17.5 Million or 4% of annual global turnover (whichever is highest).

5
Q

Data offences can be punished by what? Name two (excluding fines).

A
  • Warnings
  • Temporary or permanent ban on data processing
  • Restriction or erasure of data
  • Suspend data transfers to third party countries.
6
Q

What is DPA 2018?

A

Data Protection Act 2018

  • UK’s implementation of GDPR
  • Replaced the DPA 1998
7
Q

Are you aware of the Freedom of Information Act 2000?

A

Yes, it provides the public access to information held by public authorities.

8
Q

How do FOI Act 2000 requests work?

A
  • Must be in writing
  • Information must not be exempt e.g. personal data or national security

9
Q

What security measures can you use to protect data? Name at least 3

A
  • Password protection
  • Security markings
  • Physically locking storage units
  • Encryption firewalls
  • Two factor authentication
10
Q

What best practices would you encourage in terms of managing data? Give at least 3

A
  • Cross reference computer with hard copy
  • Back up IT systems
  • Write once, read many times
  • Keep an audit trail
  • Ensure electronic signature cannot be altered (send PDFs, not Word).
11
Q

You refer to a valuation of Part 1 claims in Aylesford. How did you use the data collected to advise the senior management of your view?

A

After combining evidence from multiple sources, I made a spreadsheet to illustrate changes in value using colour coding and indexing. This allowed me to advise my senior colleague of what data was most useful. I further advised on how the data should be used and stored.

12
Q

Tell me what you know about GDPR

A

General Data Protection Regulation

Following Brexit there is now a UK version called UK GDPR 2020
Set out the main responsibilities for organisations using, storing and handling personal data.

Article 5 sets out the consumer rights which includes the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.

Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.

13
Q

How does Freedom of Information work and how can it be used?

A

Individual can request information held by public bodies such as minutes from a board meeting

Request must be made in writing

Public body must supply in 20 working days and can charge for this service
Information must not be exempt e.g. personal data or national security.

14
Q

What is the latest change in data protection regulation?

A

DPA act
2020 GDPR
The Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023

15
Q

How does GDPR affect your firm?

A

right to collect is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.

FOR data not disclosed outside of agency

16
Q

What is the definition of personal data?

A

Personal data is any information which relates to an identified or identifiable person.

17
Q

What is encryption/firewalls/blockchain?

A

Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.

A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.

A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.

18
Q

Describe a time you have used and managed data to communicate some complex, reasoned advice.

A

Part 1s - range of sources in spreadsheet, used indexing and colour coding to indicate each sale's usefulness, advised that due to data being based on two specific dates it need not be stored for any longer than necessary

19
Q

Give me an example of how you process and handle confidential information

A

IHT case:

  • Don’t print what I don’t need to
  • Ensure appropriate saving with correct name conventions
  • Don’t leave computer unlocked and unattended
20
Q

Tell me about how you extract data from a source regularly used in your role

A

Internal database – CDB for rental information
Set parameters for data to refine prior to download
Use filters in Excel to refine the data to what I need

21
Q

What is an electronic document management system (EDMS)?

A

A software package designed to manage electronic information and records within an organisation’s workflow.

Using various technologies, an EDMS allows a user to manage the creation, storage, and control of records while allowing others to access and edit documents.

22
Q

What type of documents can electronic signatures be used for?

A

Electronic signatures can be used to replace handwritten signatures in virtually every personal or business process. Examples include contracts, application forms and non-disclosure agreements.

23
Q

Give me an example of how you ensure that data is kept securely.

A

Permission levels on EDRM restrict who can access the data, preventing conflict of interest in terms of accessing information, e.g. someone in rating accessing plans and data collected for a different purpose.

Back up work / systems where necessary

When saving data within the electronic data recording system I ensure it is appropriately labelled as Official-sensitive information, to show others that care must be taken.

24
Q

How do you validate information?

A

Cross check with another source
Call to get further information / confirm details
Adopt a common sense approach

25
Q

What are the strengths and limitations of primary/secondary data sources?

A

Primary

Pros:
Specific to the needs
Greater control (type of data, design, method)
More up to date
May be more accurate

Cons:
Expensive (may make it more difficult)
Time consuming

Secondary

Pros:
Easily accessible
Affordable
Less time consuming

Cons:
May lack reliability
May be outdated
May have to deal with irrelevant data before finding suitable data

26
Q

Have you shared rental evidence with an agent for rating purposes, do you have permission to share that information?

A

Yes - The Valuation Office Agency (VOA), as an executive agency of HMRC, is subject to the Commissioners for Revenue and Customs Act 2005 (CRCA) which covers: the confidentiality of information held by the VOA and when it is lawful to disclose that information.

The VOA is not permitted to disclose information except in certain limited circumstances, including, for the purposes of its functions, where there is a legislative gateway or with customer consent.

Sections 18 (2) and (3) of the Commissioners for Revenue and Customs Act (CRCA) 2005 allows sharing of data / information as long as it is reasonable and proportionate to do so.

The Billing Authority will treat all information supplied by the VOA as confidential even if the Information sharing agreement is terminated.

27
Q

How did you store the data collected for the SDLTs?

A

Like rental data, the data can be inputted within our CDB; this includes values, comments, links and indicators. This is password protected with further restrictions on access based on your log-in.

28
Q

How do you ensure data is kept secure?

A

Main two points:
Keep it safe from corruption
Control access to data

I do this by:
Password protection
Not leaving computer or files unattended
Access restriction on EDRM
Computer system with regular back ups, encryption and anti-virus software
29
Q

Can other colleagues access information you are working on?

A

No, if they are in a different team, e.g. DVS, then they will not be able to access information stored for rating purposes.

30
Q

Could conflicts arise from colleagues having access to certain information?

A

Yes, it could occur if doing a DVS asset valuation and a rating colleague has access to this information. Could disadvantage the client as a result of accessing this data which was not requested for that purpose. Could go against GDPR; however, CRCA act may justify it?

31
Q

Freedom of Information Act 2000 exemptions

A

Personal data
National security

Information held by the VOA for its functions that either directly identifies a person or enables their identity to be deduced from it, is exempt from disclosure under s44 of the FoIA as it is prohibited by s23 of CRCA

32
Q

Tell me more about the Data Protection Act 2018

A

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
used fairly, lawfully and transparently
used for specified, explicit purposes
used in a way that is adequate, relevant and limited to only what is necessary
accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

be informed about how your data is being used
access personal data
have incorrect data updated
have data erased
stop or restrict the processing of your data
data portability (allowing you to get and reuse your data for different services)
object to how your data is processed in certain circumstances

33
Q

What regulation covers sharing data?

A

Commissioners for Revenue and Customs Act 2005

CRCA ACT

34
Q

Benefits of cloud-based systems

A
  • information is backed up by encrypted servers
  • accessibility can be managed via online settings
  • cheaper than physically storing and managing files
  • more convenient to send and share files online instead of mailing physical copies
  • cloud systems are environmentally friendly
  • multiple users can access the same document and work on it at the same time.
35
Q

Meaning of a non-disclosure agreement

A

Used to protect against the disclosure or sharing of any confidential data.

Prior to the information being shared, clients will typically request that the recipient signs up to an NDA.

Often used to prevent confidential or sensitive property information being used or talked about by competitors.

36
Q

If two departments within your firm were working for two rival companies, how would you ensure client-sensitive data was managed?

A
Make client aware of risks
Conflict of interest protocol
Informed consent
Keep staff exclusively in one team
NDAs
Separate working locations
Use secure document systems with access restrictions
37
Q

Who are the key persons outlined within GDPR?

A

Controller – person that determines the purpose and means of processing personal data e.g. the employer.

Processor – person that processes personal data on behalf of the controller e.g., call centres acting on behalf of its client.

Data Protection Officer – leadership role required by EU GDPR. Responsible for overseeing the data protection approach strategy and implementation.

38
Q

What should companies put into place to ensure GDPR compliance?

A
  • Raise awareness across the business
  • Audit personal data
  • Review procedures supporting individual rights
  • Identify and document the legal basis for processing personal data under GDPR
  • Train staff and give them the information
39
Q

What personal and confidential information does the VO hold?

A

Personal data relating to VOA employees
Emails containing sensitive or confidential information
Customer correspondence received in confidence
Customer records
Property information
Contractual information relating to past, present or potential future companies

40
Q

Define what disclosure means.

A

The sharing of information with others
Before sharing information you must be sure you have the right to disclose it and the person requesting it has the right to receive it.

41
Q

What does CRCA set the VO’s functions as?

A

Producing rating lists
Council tax valuation lists
Valuation of property

42
Q

In what two ways does the Freedom of Information Act provide the public with access to information held by public authorities?

A

Public authorities are obliged to publish certain information about their activities.

Members of the public are entitled to request information from public authorities.

43
Q

When would you disclose information about taxpayers (or their properties) or our customers to third parties?

A

In line with CRCA Act 2005:

  • If essential for one of our functions
  • In line with legislation or statutory gateway under LGFA
  • With consent of the taxpayer, customer or client
  • For civil proceedings such as valuation tribunal hearings

For example, the law allows us to disclose rental information when dealing with a rating challenge. The law also then allows an appellant to request additional rental information proportionate to the rental information we disclose.

44
Q

How would you deal with someone requesting to access their own personal information?

A

There is a deadline of one month to respond to a request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by emailing.

If the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

This is known as a Subject Access Request.

A verbal request for property information cannot always be answered verbally. We may require verification of the person’s link to the property before deciding whether we can disclose information.

45
Q

How would you deal with a freedom of information request?

A

Check the request is made in writing (email/letter)
Check it includes the requester’s name and address and clearly describes the information wanted.
Forward request to FOI inbox team

46
Q

Is there any legislation that's specific to your work?

A

The VOA is subject to the Commissioners for Revenue and Customs Act 2005 (CRCA) which covers: the confidentiality of information held by the VOA and when it is lawful to disclose that information.

46
Q

Key difference between GDPR and DPA 2018?

A

GDPR looks to regulate personal data whereas DPA 2018 goes further and regulates non-personal data

47
Q

What can you do to protect against a Data Breach?

A
  • VPN
  • password updating
  • 2 factor auth
  • antivirus software
48
Q

What is your firm's data management strategy?

A

We have 4 pillars:
1. Data Foundations
2. Data Skills
3. Data Availability
4. Data Responsibility

FRAS

49
Q

How to deal with a data breach?

A

Flag within 48 hours to line manager, will then go to ICO
If high risk, contact subject of data breach

Then later I would review my involvement, ensure I adhered to data protection policies and RICS ROC

50
Q

What advice did you give in relation to the Rental Analysis conducted?

A

Once I had collated and analysed rental data, I advised senior management on the management of such data. For example, in what circumstances the rental data can be disclosed in order to comply with the CRCA 2005.

51
Q

What advice did you give when analysing SDLTs?

A

I advised on the potential use of transactions based on a verification of land type and development potential conducted using internal data along with local authority planning websites.

52
Q

Outline the advice you gave?

A

SDLT - verification and use
Part 1s - quality of data sources
Rental Analysis - disclosure

53
Q

Types of data?

A

Qualitative - things
Quantitative - numbers

54
Q

What is the VOA Data Protection Policy?

A

It aims to follow the data protection principles
- lawfulness
- fairness
- transparency
- purpose limitation
- data limitation
- accuracy
- storage limitation
- integrity and confidentiality

DAT FLIPS

55
Q

What roles does your firm have to govern Information?

A

Accounting officer
info asset owner
info asset manager
Data support officer

56
Q

Key principles set out in the CRCA (2005)

A

reasonable
necessary
proportionate

57
Q

Which parts of the CRCA (2005) relate to your firm?

A

VOA - section 10
disclosure- section 18
Criminal Offences - section 19

58
Q

Can you name the 4 types of personal data?

A

people personal - O
property personal - O
sensitive personal - OS
special CAT - OS

59
Q

Why might a FOI request be refused?

A
  • criminal matter under investigation
  • too costly or timely
  • to cause annoyance
  • repeat request
  • against GDPR
60
Q

Max fine for data breach?

A

17.5mil pounds or 4% turnover

61
Q

How would you dispose of sensitive documentation?

A

ICO advice based on DPA 2018 - shred physical documents after retention period set out in privacy policy

For digital documents
- deleted from all devices and software
- recycle bin
- back-ups
- sent/received emails

62
Q

What measures does your firm take to meet DPA and UK GDPR?

A
  • Data Protection Officer
  • policies
  • written contracts on how data will be managed
  • security measures
  • up to date records
  • training