Data Management Flashcards
I see you have extracted data from various sources- why is it important to verify this data?
Relied on for advice
When you extracted data, which principles did you follow?
For legitimate purposes
up to date and accurate
only kept for time needed
what happens if you breach data protection rules? / Data Protection Act penalties?
Warnings for first/non compliance
less serious- £8.5m fine of 2% annual turnover
more serious -£17.5m fine or 4% global turnover- whichever is greater
Who is the ICO?
Information Comissioners Office
What data protection training have you done?
Internal training on data controller and data processing
which key role did have you undertaken under GDPR key roles?
data contoller
data processor
What are some of the key requirements under GDPR?
Individuals have the right to have it erased
breach must be reported within 72 hours where there is a loss of personal data - risk of harm to individuals
What are some of the key GDPR principles?
processed lawfully in transparent manner/fair
only collected for specific and legitimate purposes
accurate and up to date
kept in a way that the subject should not be identifiable
processed to ensure security of data
How do you keep data secure?
passwords
two step verification
erasing data you no longer need
anti-virus software
How were the data bases you used within property management stored?
On a network
What are the pros and cons of a subscription (4D)?
PROS
-access to large amounts of data
-analysis
-provide a source- verification
CONS
-limited/inconsistencies
-data inaccuracies
Social Value Data- was this personal data?
No because the data was relating to a postcode, no employee name was given. Therefore, the person was not identifiable.
EPC/LOA schedules- How did you ensure compliance with DPA 2019/UKGDPR?
-follow LSH training
-don’t keep data for longer than necessary
What are the 8 individual rights under the UK GDPR?
-to be informed
-to access
-to erasure
-to rectification
-data portability
-restrict processing
-to object
-automated decision making/profit
What actually is social Value?
positive or negative impacts
a building, place or infrastructure has on
the environment, economy or community
What does TOMS stand for?
Themes, Outcomes and Measures
What is 4D monitoring?
smart building technology that enables facility management stakeholders to create sustainable, energy efficient properties.
Where is the equipment placed?
key plant room equipment to extract performance data (gives insight into building performance)
What is the freedom of Information Act 2000?
Gives individuals the right to access information held about them by public bodies (must respond within 20 days)
Exemptions-criminal matter or COI
What would an abnormality be in 4D equipment?
unusual patterns (dip/spikes) ie lights left on.
What is done about 4D equipment not working?
check in’s with FM’s to detail abnormalities- might be equipment issue or something they can control ie turn heating off over weekend.
Why did you choose those 17 measures?
Together with Social Value Portal identified key business milestones and what we were trying to solve:
Themes, Jobs, Growth, Social, Environment + Innovation
NT1: no of local people employed (Jobs)
NT18: total spent on local supply chain through contract (Growth)
NT32: No of car miles saved on environment (Environment)
-supporting local skills and employment
Measures not as relevant to LSH:
-no of people employed to identify and manage risk of modern slavery
-initiatives aimed at reducing crime
Was the 30 mile distance decided by you or SVP?
This is decided by SVP. Their
What are the outcomes?
A retrospective report is written up with outcomes- with the 17 measures LSH delivers over £63,475,992.
using their calculator.
eg 1,173 weeks of apprenticeships
31 weeks of work placements
What did the internal data base look like?
Spreadsheet
Were there any GDPR issues with collecting and storing this information- did you have to notify anyone?
No- it could not identify individuals
data was erased whenever report was complete.
EPC Schedule example- how did you advise the client?
using database to advise client on number of EPCs needing updated.
What is manual consumption data?
Tenants providing their usage (LOA providing alternate route)
What kind of decisions would LL be able to make from tenants utility data?
upgrading lighting (LED), sensor lighting
energy efficient - dual flush, sensor taps
renewable energy
switching to electric boiler
What does the 2018 Data Protection Act relate to?
Personal Use of Data by 3rd parties, gives individuals the right to control and be informed how their data is used.
What are some of the benefits of a database?
-Efficient Management of data
-Data Analysis
-Creates a resource
-Holds data securely
-Rigid approach - improves accuracy
What are some of the key requirements of the Data Protection Act 2018?
-impact assessments required for high risk holding of data
-data controller decides how/why personal data is processed
-individual rights to access and erase personal data
-data accountability- organisations need to be able to prove to ICO that they’re complying with regulations
-data breaches need to be reported to the ICO within 72 hours
-fines up to £17.5m/4% global turnover
What is a typical storage medium?
flash drive / solid state
What are some of the main issues with software?
Compatibility Issues
Fragile (can fail)
protection
access
Legacy issues
What are the advantages of storing data off site?
A- cheaper
D- potential security risks, loss of data
If storing data off site- what measures?
-Appropriate IT specialists
-Data Encryption and access restriction
-data loss prevention systems (mirror servers)
-risk assessments
-policies for mobile data management
Key themes under the RICS Futures Report ?
Data / technology
ESG and Sustainability
Inclusion
Ethics and Standards
Where can data be stored?
Local- attached to a physical device (only accessed from that device)
Network - (LSH use)!! accessed via multiple devices
Cloud - held off site in logical pools
What does data accountability mean?
Organisations need to prove to the ICO how they comply with data regulations.
What is a data base?
Organised data held electronically
What does interrogating data mean?
Checking quality- spot checking
What are some potential risks to data secutiry?
Malware and viruses
data phishing attacks
loss of physical devices
corruption
What are some data security technology examples?
site back ups
password protection
anti-virus
Any RICS Guidance on data handling and cyber crime?
Data Handling and the Prevention of Cybercrime
What is open sourced data?
Used By anyone
What does the ICO do?
Polices data under 4 key pieces of legislation
1.) Data Protection Act 2018
Privacy and Electronic Communications (EC Directive) Regulations 2003
Freedom of Information Act 2000
Environmental Information Act 2000
How can you assess personal data under DPA 2018?
-can be phone, ideally writing
-identity confirmed
-info provided in accessible and concise format
when must firms respond to requests for personal data?
1 month
3 months (only if complex)
What is the relationship between the GDPR and the Data Protection Act?
UK GDPR is implemented by the Data Protection Act
