Data Management Flashcards

1
Q

What are the principles of the Data Protection Act (known as GDPR in the EU)?

A

Data must be processed lawfully, fairly and in a transparent manner; collected for specified and legitimate purposes; limited to what is necessary; processed in an appropriate manner; and not kept for longer than necessary. Accountability is also a principle.

2
Q

What are the rights of individuals under the Data Protection Act?

A
  1. Right to be informed
  2. Right of access
  3. Right to rectification
  4. Right to erasure
  5. Right to restrict processing
  6. Right to data portability (to use for their own purposes)
  7. Right to object
  8. Rights in relation to automated decision making and profiling (as undertaken by insurance companies)
3
Q

How do you ensure data security?

A

Password protection, firewalls, regular back-ups, anti-virus software

4
Q

What is the Data Protection Act 2018?

A

The Data Protection Act 2018 implements GDPR 2016 into UK law and aims to create a single data protection regime

5
Q

What would you do if there was a data security breach?

A

Inform the ICO within 72 hours

6
Q

What is the penalty for breaching the Data Protection Act?

A

4% of global turnover or £17.5 million

7
Q

What is the Freedom of Information Act 2000?

A

Gives individuals the right to access information held by a public body; the information must be supplied within 20 days

8
Q

What are the elements of an NDA?

A

Identification of the parties, definition of what is confidential, scope of confidentiality, length of the agreement's term, signatories

9
Q

What does Triangulation mean?

A

To verify data from a third party source.

10
Q

What is the ICO?

A

Information Commissioner's Office

11
Q

Any RICS guidance in relation to data and data handling?

A

There is a proposed RICS Professional Standard on Data Handling and Prevention of Cybercrime.

12
Q

How do firewalls work?

A
  • A firewall is a system that provides security by filtering incoming and outgoing network traffic based on an organisation's previously established security policies. The purpose of a firewall is to stop unwanted network communications.
13
Q

What is encryption of data?

A
  • Data encryption is a security method where information is encoded and can only be accessed or decrypted by a user with the correct encryption key.
14
Q

What is Single Sign-On (SSO)?

A
  • An identity management method which enables users to log in to multiple applications and websites with one set of credentials.
15
Q

If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?

A
  • Make the clients aware of the risk including the conflict of interest
  • Letter of informed consent
  • Receive instruction letter to continue
  • State that there would be exclusivity of staff
  • NDAs
  • State the staff managing each client would be based in different working locations
  • There would be single lines of communication to the client
  • Secure storage of files with password protection
15
Q

What is the meaning of a non-disclosure agreement?

A
  • Non-disclosure agreements are legal contracts agreeing not to disclose confidential information that has been shared as a necessary part of conducting business.
  • The purpose of NDAs is to ensure that certain information will remain confidential.
  • They are often used when confidential, sensitive or intellectual property information is being shared to prevent this information being used by competitors.
15
Q

What are the benefits of using an SSO?

A
  • Increases security – by adding two-factor authentication when signing in.
  • Improves identity protection
  • Saves employees time by signing on once to multiple apps
  • Strengthens cybersecurity – as there is no need to physically store multiple passwords.