Data Management Flashcards

1
Q

What is the Equality Act 2010, and what does it cover?

A

The Equality Duty replaces the three previous public sector equality duties - for race, disability and gender. The Equality Duty now covers the following protected characteristics:

1 - age
2 - disability
3 - gender reassignment
4 - pregnancy and maternity
5 - race - this includes ethnic or national origins, colour or nationality
6 - religion or belief - this includes lack of belief
7 - sex
8 - sexual orientation
9 - marriage and civil partnership (only in respect of the requirement to have due regard to the need to eliminate discrimination)

1
Q

What is GDPR?

A

General Data Protection Regulation (2016), which came into force on 25 May 2018. It aims to create a single data protection regime for the EU.

2
Q

What act implemented the GDPR in the UK?

A

Data Protection Act (2018) which replaced the Data Protection Act 1988

3
Q

What are the fines for non-compliance with GDPR?

A

Up to 4% of global turnover or 20 million euros (whichever is greater)

4
Q

What do you need to do if you have a data breach?

A

Notify the Information Commissioner's Office (ICO) within 72 hours of the breach occurring

5
Q

What are the principles of the Data Protection Act 2018?

A

Data is processed lawfully, fairly and in a transparent manner
Data is collected for a specified and legitimate purpose
Data is accurate
Data is not transferred to countries with less information than your own

6
Q

What are the individual rights under GDPR?

A

There are 8:
Information
Access
Rectification
Erasure
Restrict Processing
Data Portability
Object
Automated decision making

7
Q

What is an SAR?

A

Subject Access Request - demand that an individual be given all the information that a company holds on them

8
Q

What are the principles of GDPR?

A

There are 7:
Lawfulness, fairness and transparency
Purpose limitation - be specific about the purpose of the data collection
Data minimisation - only collect it when you need it
Accuracy
Storage limitations - store data for a necessary limited period and then erase
Integrity and confidentiality - keep it secure
Accountability - record and prove compliance

9
Q

What is your understanding of the term confidentiality?

A

Where information is provided but is subject to confidence and not shared without permission

10
Q

What is your understanding of the term Meta Data and why is this important?

A

Meta Data is information about a specific piece of data, e.g., file size, author, date a document was created
It is important as we must ensure that Meta Data is afforded the same level of care as all other confidential data.

11
Q

What is your understanding of Intellectual Property and Copyright?

A

This is the right to control the use and ownership of original works.
Work generally created by an employee usually belongs to their employer unless copyrights are put in place.

12
Q

What is the Freedom of Information Act 2005?

A

Primary piece of UK legislation that controls the access to official information.
The act permits the public right of access to information held by public authorities.
Information must be published through the public authority's publication scheme.
The act covers all information held and not just information since the act came into effect.

13
Q

What are the benefits of cloud-based storage systems?

A

Information is backed up securely on encrypted servers.
Accessibility can be managed via online settings.
Often cheaper than costs of physically storing and managing files.
Convenient to send/share files online
More environmentally friendly
Multiple users can access the same documents
Documents and folder systems can be synchronized

14
Q

What is the meaning of a non-disclosure agreement?

A

Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.

15
Q

If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?

A

I would make the client aware of the risks involved and check their understanding of the conflict of interest. I would ensure a letter of instruction to continue was obtained from the client. Exclusivity of staff would be arranged and the use of NDAs would be considered. Separate working locations for each of the teams would need to be put in place. Secure document and data storage would be arranged to be used exclusively for the separate teams.

16
Q

What is the Data Protection Act 2018?

A

The act replaces previous 1998 legislation and manages how personal data is processed by organisations and the government. It is the UK legislation for the implementation of the EU GDPR.

17
Q

What are the key principles of the Data Protection Act 2018?

A

The act ensures that data is:
- used fairly, lawfully and transparently
- used in a way that is adequate, relevant and limited to only the purpose it is intended
- retained for no longer than is necessary
- processed securely including the protection against unlawful use, loss or destruction

18
Q

What are a person’s rights under the Data Protection Act?

A

People have the right to:
- be informed about how their data is being used
- access their data
- have incorrect information updated
- have their data erased
- stop or restrict the processing of their data
- right of portability
- object to the use of their data

19
Q

Who are the key persons outlined within GDPR?

A

Controller - natural person or legal entity that determines the purposes and means of the processing of personal data e.g., employer
Processor - a natural person / legal entity that processes personal data on behalf of the controller e.g., call center acting on behalf of its client
Data Protection Officer (DPO) - leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation

20
Q

What different sources of information do you use in your day-to-day surveying?

A

RICS Guidance Notes (e.g., surveying safely when inspecting)
Valuation data

21
Q

How do you manage sources of information to ensure compliance with the legislation?

A

I use lockable and secure storage for hard copy documents and electronic information is kept securely on encrypted servers.
I always lock my computer when I am away from my desk and update my password regularly to comply with my firm’s IT security policies.

22
Q

How do companies ensure compliance with the Data Protection legislation?

A

They should only retain data they need to perform their day to day operations.
If they are retaining someone’s data they should ensure the person is kept informed and advised on why they have it.
They should hold the data securely.
They should keep the information up to date and delete information they no longer need.

23
Q

What is data?

24
Q

What sources of data do you use?

25
Q

How can you make data secure?

A

Need to write this up further
Encryption
Two factor authentication
Firewalls