Data Management

Question 1

What is your understanding of the term Confidentiality?

Answer 1

Where information is provided but is subject to confidence and not shared without permission.

Question 2

What is your understanding of the term Meta Data and why is this important?

Answer 2

Info about a specific piece of data i.e author, file size, date document was created and keywords to describe the document.
Must afford same level of care to Meta Data as for other data.

Question 3

What is your understanding of Intellectual Property and Copyright?

Answer 3

IP - right to control use and ownership of original works.
Copyright - Type of IP that gives the creator of the original work or another right holder the exclusive and legally secured right to copy, distribute, adapt, display and perform creative work for a limited time.

Question 4

What is the Freedom of Information Act 2005?

Answer 4

Primary legislation that controls access to official information.
The act permits the public right of access to information held by public authorities.
Info must also be published via the public authorities publication scheme.
The Act is retrospective covering all info held, before during and after the act was enacted.

Question 5

What are the benefits of cloud based storage systems?

Answer 5

Info backed securely on encrypted servers.
Easily accessible.
Cheaper than physically storing and managing files.
Convenient to send and share files.
Environmentally friendly.
Multiple users can access the same document.
Documents and folder systems can be synchronised.

Question 6

What is the meaning of a non-disclosure agreement?

Answer 6

NDAs used to protect against the disclosure or sharing of any confidential data.
Requires signing of document to enact the NDA.

Question 7

If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?

Answer 7

Make client aware of risks and check their understanding of COIs.
Get client to sign a letter of instruction.
Exclusivity of staff would be arranged.
NDAs would be considered.
Separate working locations.
Secure document and data storage would be arranged to be used exclusively for the separate teams.

Question 8

What is the Data Protection 2018?

Answer 8

Replaces the 1998 legislation and manages how personal data is processed by organisations and the government.
It is the UK legislation for the implementation of the EU General Data Protection Regulations (GDPR).

Question 9

What are the key principles of the Data Protection Act 2018?

Answer 9

Act ensures data is:
Used fairly, lawfully, transparently.
Used in a way that is adequate, relevant and limited to only the purpose it is intended.
Is retained for no longer than is necessary.
Processed securely including the protection against unlawful use, loss or destruction.

Question 10

What are a person’s rights under the Data Protection Act?

Answer 10

People have the right to:
Be informed about how their data is being used.
The right to access their data.
The right to have incorrect information updated.
To have their date erased.
To stop or restrict the processing of their data.
The right of portability.
To object to the use of their data.

Question 11

What are the key persons outlined within GDPR?

Answer 11

Controller - Person or entity that determines the purpose and means of processing personal data i.e. employer is the controller for employee personal data.

Processor - Person or entity that processes person data i.e. call centre acting on behalf of client is the processor.

Data Protection Officer (DPO) - Leadership role required by EU GDPR. Exists within companies that process personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.

Question 12

What are the 8 individual rights under GDPR?

Answer 12

Right to be informed.
Right to access.
Right of rectification.
Right to erasure.
Right to restrict processing.
Right to data potability.
Right to object.
Right to automated decision making and profiling.
Diversity, inclusion and team working.

Question 13

What different sources of information do you use in your day-to-day surveying?

Answer 13

RICS guidance notes.
Valuation Data.
Industry Journals.
Central Database
Electronic Data Management Application
Rating manual
Council Tax manual
Rent and Lease Details Forms

Question 14

How do you manage these sources of information to ensure compliance with the legislation?

Answer 14

If signed up to NDA, maintain complete confidentiality, Do not discuss with colleagues not party to the project.
Keep data secured in EDRM or CDB.
Computer is locked when away from screen.
Passwords are regularly updated.
Latest firmware is installed to ensure most up-to-date firewalls are in place.
Ask for signed Authority to Acts before discussing cases with other parties.

Question 15

How do companies ensure compliance with the Data Protection Legislation generally?

Answer 15

Should only retain data needed to perform day-to-day operations.
If data is being retained, should inform the individual why they have it.
They should hold the Data securely.
They should keep the information up-to-date and delete information they no longer need.

Question 16

How long do you need to keep data for?

Answer 16

6 years if contract is signed underhand.
12 years if the contract is signed as a deed.
RICS recommends up to 15 years, this is the limitation for most legal claims.

Question 17

What constitutes personal data?

Answer 17

Any info related to a person or data subject that can be used to identify a person.

Question 18

What are the 7 key principles of GDPR?

Answer 18

Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security).
Accountability.

Question 19

Who enforces GDPR?

Answer 19

The Information Commissioner’s Office

Question 20

If you intend to destroy a document, what things should you consider beforehand?

Answer 20

Is the document an original or legal document?
Could the document be required for litigation or other proceedings?
Does the document relate to a live project?
Is a backup copy available?

Question 21

What measures could be taken to protect commercially sensitive information?

Answer 21

Have an NDA in place.
Physical separation of staff.
Security of stored documents, including locked cabinets and passwords.

Question 22

Are there any ways that we can protect data when we are transferring it on a client’s behalf?

Answer 22

Encryption and password locking.
Recorded special delivery.
Mark it as confidential.
Using secure networks and software.

Question 23

What is an information barrier?

Answer 23

A physical/electronic separation of individuals within the same firm. The aim is to protect confidential information.

Question 24

What things must companies put in place to ensure GDPR compliance?

Answer 24

Raise awareness across their business
Audit all personal data
Update their privacy notice
Review their procedures supporting individuals’ rights
Identify and document their legal basis for processing personal data under the GDPR
Review how they seek, obtain and record consent

Question 25

What do the Privacy and Electronic Communications Regulations 2003 apply to?

Answer 25

The UK’s implementation of the EU ePrivacy Directive
A set of rules that protect the privacy rights of customers when using electronic communication for marketing
A complement to the Data Protection Act and the UK GDPR
Specific rules on marketing calls, emails, texts and faxes; cookies (and similar technologies); keeping communications services secure; and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

Question 26

Can Intellectual Property be transferred?

Answer 26

Intellectual property rights can be transferred through a written agreement, such as a contract or assignment.
The agreement should clearly state the details of the transfer, including the specific intellectual property rights being transferred, the parties involved, and any conditions or limitations.

Question 27

What should you do if you receive a freedom of information request?

Answer 27

You normally have 20 working days to respond to a request.
For a request to be valid under the Freedom of Information Act it must be in writing, but requesters do not have to mention the Act or direct their request to a designated member of staff

Question 28

Can you tell me about the retention of files and the Limitation Act 1980?

Answer 28

• The Limitation Act 1980 is a section of UK law that sets out rules for how long someone can take legal action to recover money they are owed.
• The Limitation Act 1980 only applies when no contact has been made between the creditor and debtor within the given time limit and only applies to residents of England and Wales.
• Legal documents to be kept for 6 years:
   County Court Litigation
   Debt collection
   Immigration
   Personal injury
   Crime

Legal documents to be kept for 15 years:
 Commercial property
 Commercial transactions
 Financial Services
 Matrimonial matters
 Probate
 Property sales
 Residential property purchases
 Sales of leasehold properties
 Children

Files that should be kept for longer than 15 years:
 Change of name
 Company formation
 Court of Protection
 Declaration of trust
 Patents/intellectual property matters
 Pension schemes
 Power of attorney
 Wills

Question 29

How do you validate information?

Answer 29

Cross-referencing
Fact checking

Question 30

What is the difference between a deed and a registered title?

Answer 30

The deed is the physical document that proves ownership. The title is the concept of legal ownership that the deed grants.

Question 31

How do you source title information?

Answer 31

Request from client / acting party (solicitor)
Access the register available online

Question 32

What are the differences between manual and electronic records?

Answer 32

Paper documents are difficult to search, carry, copy, and modify.
Paper documents are easily damaged, misfiled or misplaced.
Electronic documents are delivered by networks, disks, flash memory and CD/DVD and are stored on a file system.
Multiple users can read and review electronic document simultaneously.
Electronic documents can be hacked from external operators.

Question 33

What is an index map?

Answer 33

Index maps are a type of finding aid that enables users to find a set of maps covering their regions of interest along with the name or number of the relevant map sheet.
An index map provides geospatial data on either a sheet of paper or a computer screen.

Question 34

What does encryption mean?

Answer 34

The process of converting information or data into a code, especially to prevent unauthorized access.

Question 35

What is a firewall?

Answer 35

A network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.

Question 36

How can you protect electronic data from viruses?

Answer 36

Keep systems, browsers and important apps up to date.
Antivirus software
Antispyware software
Firewalls
Strong passwords
Be wary of phishing and suspicious emails
Use a secure wi-fi connection (Virtual Private Network VPN)

Question 37

What does block chain mean?

Answer 37

A system in which a record of transactions, especially those made in a cryptocurrency, is maintained across computers that are linked in a peer to peer network.

Question 38

What is BIM and how can it be used?

Answer 38

Building Information Modeling is a workflow process.
It is based around models used for the planning, design, construction, and management of building and infrastructure projects.
BIM software is used to model and optimize projects by planning, designing, building, and operating BIM models.

Question 39

What is ISO 9001?

Answer 39

Sets the requirements on how firms should control data and documents relevant to the service they provide.
Sets requirements for a company’s Quality Management System (QMS), which is about the management of the entire enterprise and its operational processes.

Question 40

What are the requirements of ISO 9001?

Answer 40

The ISO 9001 standard requires an organisation address seven key areas – also known as clauses – in order to achieve continual improvement within their Quality Management System:
* Context of the organisation.
* Leadership.
* Planning.
* Support.
* Operation.
* Performance evaluation.
* Improvement.

Question 41

What does ISO 27001 relate to?

Answer 41

The international standard for information security.
It sets out the specification for an effective ISMS (information security management system).
ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes and technology.

Question 42

Why is quality management important?

Answer 42

It helps an organization achieve greater consistency in tasks and activities that are involved in the production of products and services.
It increases efficiency in processes, reduces wastage, and improves the use of time and other resources.
Helps improve customer satisfaction

Question 43

What is an Electronic Document Management System (EDMS)?

Answer 43

A software that centrally stores and organises documentation in one digital repository.

Question 44

What do you understand by the Civil Evidence Act 1995?

Answer 44

An Act to provide for the admissibility of hearsay evidence, the proof of certain documentary evidence and the admissibility and proof of official actuarial tables in civil proceedings; and for connected purposes.

Question 45

Are electronic signatures accepted by the Land Registry?

Answer 45

Yes - Under English law, a deed can be validly signed and witnessed using an electronic signature platform, such as DocuSign eSignature, in situations where the law allows electronic signing.

Question 46

What type of documents can electronic signatures be used for?

Answer 46

• Legal documents
• Contractual agreements
• Invoices
• Financing documents

Question 47

What is data redundancy?

Answer 47

When the same piece of data exists in multiple places, whereas data inconsistency is when the same data exists in different formats in multiple tables. Data redundancy can cause data inconsistency, which can provide a company with unreliable and/or meaningless information.

Question 48

How does the Commission for Revenues and Customs Act 2005 apply to data management?

Answer 48

HMRC has a statutory duty of confidentiality set out in the CRCA 2005.
HMRC must comply with general law principles when considering any disclosure and be compliant with the General Data Protection Regulation (GDPR), Data Protection Act 2018 and the Human Rights Act 1998 when disclosing information.
Any disclosure of information must be proportionate, relevant and limited to what is necessary to achieve its purpose.

Question 49

How does the CRCA 2005 apply to the FOIA?

Answer 49

A disclosure by HMRC in compliance with FOIA is a lawful disclosure under CRCA but information relating to identifiable individuals or legal entities is exempt from disclosure under FOIA.

Question 50

What is a SAR?

Answer 50

Subject Access Request (SAR) allows an individual the ability to ask a company or organisation to provide data about them.

Question 51

What is Business Management System?

Answer 51

A set of tools for strategic planning and tactical implementation of policies, practices, guidelines, processes and procedures that are used in the development, deployment and execution of business plans and strategies and all associated management.