DATA MANAGEMENT Flashcards

1
Q

What are the procedures in place when handling data on use the VOAs Electronic Data?

A

Access Controls, Password Protected, Regular Updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How did you share the table with your colleagues so they could use?

A

I uploaded the table onto our Sharepoint, where there is access controls, version control to track changes and where the team can collabately work on the database together.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the main purpose of the Freedom of Information Act 2000 and how might you ensure compliance with this legislation?

A

It provides the public access to information held by public authorities.

Requests must be in writing.

Public body must supply in 20 working days and charge for this service.

Information must not be excempt e.g. personal data and national security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How did you ensure compliance with GDPR regulation when handling comparable evidence?

A

General Data Protection Regulation 2020 (following Brexit)

Sets out the main responsibilities for organisations using, storing and handling personal data.

Consumer Rights (Article 5): The right to be informed, the right to access, the right to erase, right to correct and right to withdraw consent.

Right to CORRECT is something we actively do on the Check stage and in FORs.

FOR data not disclosed outside of agency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Can you talk us through how the VOA ensures compliance with the CRCA Act 2005 regulations?

A

Commissioners for Revenue and Customs Act 2005

CRCA covers: confidentiality of information held by the VOA and when it is lawful to disclose that information.

Section 18 of the CRCA allows sharing of data or information as long as it is reasonable to do so, the BA will treat information provided by the VOA as confidential.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What would the implications be for the VOA if we mishandled personal information?

A

17.5mil or 4% turnover

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How would we deal with a data breach? Has there been a recent data breach?

A

Flag within 72 hours to a protection officer or information commissioners officer if risk to rights and freedoms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How did you store the data and documents associated with this case?

A

VOAs Electronic Database

Password protected
Disk Encryption
Anti-virus software
Firewalls and Distaster Recovery Programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the Data Protection Act 2018?

A

Controls how personal information is used by organsations, buesiness or the government.

Everyone responsible for using personal data has to follow strict rules called data protection principles.

*Used fairly, lawfully and transparently
*Used for specified, explicit purposes
*Used in a way that is adequate, relevant and limited to only what is necessary accurate and when necessary, kept up to date
*Kept for no longer than is necessary
*Handled in a way that ensures appropriate security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the sections of CRCA?

A

Section 17 - allowing sharing of information between HMRC and VOA
Section 18 - permits disclosure of information outside of VOA/HMRC in line with our functions
Section 19 - Makes it criminal to disclose information that can identify individuals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In your cap tax examples you analysed comparable evidence. Can you talk us through how you analysed the data sought?

A

When arriving at an opinion of value, I arranged the comparable evidence into a spreedsheet, used columns for the property address, sale price, area, date of sale and adjustments. This allowed to identify the most comparable properties and determine an opinion of value.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What tools did you use to verify the data? How did you present that data to a senior colleague?

A

verify: cross reference, check source, make contact.

present: concise report, highlighing key information such as (rental rates, occupancy trends and any disreprencies that were identified), presented in an excel or powerpoint.

Use of graphs (e.g. rent comparisons or trends).

Use of tables (original data alongside any adjustments I made, with explanations)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Describe a time you have used and managed data to communicate complex, reasoned advice?

A

A IHT valuation of an estate.

I gathered detailed data of each property, including their size, location, age and condition. I used a range of sources, internal records, rightmove and lease information.

I collected comparable evidence of similar properties including their sale prices, sale dates and condition.

I analysed the comparable evidence using a spreadsheet, using colour coding to indicate each comparables usefulness. This made it easier to demonstrate the variation in property values.

I provided the spreadsheet to a senior valuer in support of my opinion of value so they could better understand how I arrived at the figures I did.

I ensured that the information was not stored for any longer than necessary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Give me an example of how you process and handle confidential information.

A

IHT case:

*Don’t print what I don’t need to
*Ensure appropriate saving with correct name conventions
*Don’t leave computer unlocked or unattended

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Tell me about how you extract data from a source regularly used in your role?

A

Internal Database
*CDB for rental information
- set parameters for data to refine prior to download
- use filters on excel to refine the data to what I need

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

tell me how you’d advise your colleague to use that data?

A
  1. Data security and access control: ensure that all sensitive data is stored securely using encryption, ensure that only authorised prsonnel can access the sensitive data and use a 2 factor login.
  2. Data Privacy and Handling: ensure that personal data is collected only for specific, legitimate puposes and that only the data necessary for those purposes is processed. Ensure that data is stored for as long as necessary- advise to review and securely delete or ananymise data that is no longer required.
  3. Regulatory Compliance: remind colleagues that under the CRCA, the disclosure of taxpayer information is strictly controlled and must comply with this legislation.
  4. Staff training, advise them of the GDR, DPA 2018, FOI and CRCA requirements and what to do if there was a breach.
  5. Ongoing monitoring and auditing.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Are there any recent data scandals?

A

MoneyGram, a major money transfer service, which led to an investigation by the Information Commissioner’s Office (ICO). The breach raised concerns about sensitive financial information being compromised. This breach was particularly alarming because of the volume of affected customers and the sensitive nature of the data involved

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the main purpose of the Freedom of Information Act 2000 and how might you ensure compliance with this legislation?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How did you ensure compliance with GDPR regulation when handling comparable evidence?

A
  • I only collect and process necessary e.g rent, size, location, while avoiding personal data (data minamilisation)
  • I control access to the data by ensuring that only authorised individuals have access to the data
  • I store the data securely using encrypted cloud storage and follow the retention policies to delete or anonymise the data once it no longer is required
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What could the implications be if there was non compliance?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You advised the customer that all the information we hold is in adherence with the Commissioners for Revenue and Customs
Act (CRCA) 2005 - can you talk us through how the VOA ensures compliance with this act.

A

refer to sections 17, 18, 19.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What would the implications be for the VOA if we mishandled his personal information?

A

fine or imprisonment TBC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How would deal with a data breach?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How did you verify the measurements you took on inspection? How would you overcome a difference in measurements from the agents plans?

A
  1. Utilising multiple measurement tools
  2. Taking photos, making detailed notes

Differences:
1. Double check measurements and plans to identify any potential errors or misinterpretations
2. Discuss the disrepancies with the agent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How did you store the data and documents associated with this case?

A

EDRM (Electronic Data Recording Management)

Permission levels, restricts who can access the data, appropriate labelling.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Can the VOA disclose evidence to the public?

A

Can’t disclose if we don’t have a purpose and business need.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What does Section 18 of the CRCA say about disclosing information?

A

We can dislose information for the purposes of a function of VOA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

How is the evidence that we do share restricted?

A

Opinion of Value - wouldn’t put the whole address

Negotiation - would need to disclose the whole address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Why did you organise a telephone conversation for the agent to review the FOR information?

A

Restrict access

Provide relevant information

The agent doesnt have the exact copy

30
Q

What legislation restricts the FOIA within the VOA?

A

CRCA & GDPR

31
Q

What advise did you give to your clients for data security?

A
  1. Encourage clients to use complex passwords and change them regularly
  2. Use two-factor authentication for added security
  3. Encrypt sensitive data
  4. Keep software up to date
  5. Conduct regular training sessions
  6. Implement a back up strategy
  7. Strict access controls
  8. Incident response plan
32
Q

You mentioned you used Co-Star whilst gathering evidence for a commercial property. How did you verify the data you found on the site?

A
  1. Cross reference
  2. Contact listing agent
33
Q

GOAD inspections - explain to me how you compiled with 3 of the GDPR principles when collecting, uploading and storing data from your inspections?

A
  1. Data minimisation - I focused solely on collecting data relevant to occupany status, business type and visible changes.
  2. Storage limitation - I ensured that the data would be reatined only as long as it would be needed for valuation purposes
  3. Integrity and Confidentiality - I ensured that the data collected was stored securely, utilisin g password protection and encyption measures
34
Q

Talk me through your example relating to advertising rights for reval 2023.

A
35
Q

I note you created a spreadsheet which was shared with your team. What advice would you give to your colleagues when using this information?

A
  1. Remind colleagues to handle any sensitive data in accordance with GDPR and the DPA.
  2. Advise colleagues to document any change made to the spreadsheet - implement a version control practices.
36
Q

You dealt with a challenge for a retail unit in Chiswick where the stent requested to be sent an FOR. Tell me what you advised and why?

A
37
Q

How did you ensure that the information you garethered from your GOAD plans were kept kept secure?

A
38
Q

For your retail property in Chiswick when asked to send over FOR information, under what section does the CRCA permit disclosure of information and under what circumstances can this information be shared?

A

For the purposes of its functions, where there is a legislative gateway or with customer consent./ (CRCA) 2005 allows sharing of data / information as long as it is reasonable and proportionate to do so.

39
Q

why did you advise the agent that they could not be sent the contents of the FOR information.

A

Sensitive nature of the information – only rents/lease terms are proportionate as FOR contains other sensitive data

40
Q

If they requested to see the contents of the FOR in person would this be appropriate?

A

yes but only able to take notes – no photographs or copies

41
Q

what if he requested to see additional rents outside of what you provided him?

A

only if they directly relate to the statutory duty you are carrying out

42
Q

Could conflicts arise from colleagues having access to certain information?

A

Yes, it could occur if doing a DVS asset valuation and a rating colleague has access to this information. Could disadvantage the client as a result of accessing this data which was not requested for that purpose. Could go against GDPR, however CRCA act may justify it? (may need to check this).

43
Q

In regard to the information collected for advertisement rights during the reval 2023 project can you explain to me how you managed the data within the excel database

A

colour coded the different advert rights, highlighted trends in RV,
created filters for different types and locations etc..

44
Q

How did you ensure this data was protected?

A

permissions protected on a password protected device w/ firewall

45
Q

What kind of data sources did you use?

A

primary/secondary

46
Q

what are the pros & cons of primary info?

A

pros: specific to the needs, greater control (type of data, design and method), more up to data, may be more accurate

cons: expensive, time consuming

47
Q

what are the pros & cons of secondary information?

A

pros: easily accessible, affordable, less time consuming

cons: may lack reliability, may be outdated, may have to deal with irrelevant faya before finding suitable data

48
Q

For your GOAD inspections in South Wales, how did you keep the information secure whilst out and about?

A
  1. I ensured that any documents were kept out of sight when not actively in use
  2. I kept my bag secure to transport physical data securely
  3. I maintained awareness of my surroundings while working in public spaces
49
Q

How did you manage the GOAD data?

A

• Storing and organizing the data into relevant categories (e.g., by location, vacancy rate, occupancy rate).
• Updating the data regularly to reflect changes in tenancy or occupancy.
• Validating or cleaning the data to ensure accuracy.
• Using software or tools to structure or analyze the data (e.g., databases, spreadsheets).

50
Q

Other than FORs what other personal and confidential information does the VO hold?

A

Personal data relating to VOA employees
Emails containing sensitive or confidential information
Customer correspondence received in confidence
Customer records
Property information
Contractual information relating to past, present or potential future companies

51
Q

How would you deal with someone requestion to access their own personal information?

A

There is a deadline of one month to respond to a request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by emailing.

if the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

This is known as a Subject Access Request.

A verbal request for property information cannot always be answered verbally. We may require verification of the person’s link to the property before deciding whether we can disclose information.

52
Q

Article 5 of GDPR requires that personal data should be what?

A

Processed lawfully, fairly in a transparent manner (PLT)
Adequate, relevant, and limited to what is necessary
Collected for specified explicit and legitimate purposes
Kept in a form that permits identification of data for no longer than is necessary
Accurate and kept up to date, where necessary
Processed in a manner that ensures appropriate security of personal data.

53
Q

What is reg 17 of the non-domestic regulations?

A

allows us to provide rental evidence for VT hearings in support of our case

54
Q

Why do we collect information? Where does it state that we are allowed to do this?

A

LGFA 1988

55
Q

Why do we collect FOR information?

A

Analyse & adjust, store, applications in our systems will download an excel document, filter the information, use in reg 17 as evidence, use towards GOAD plans, graphs for trade information

56
Q

What is the purpose of your GOAD inspections?

A

Enable to provide accurate property valuations - valuers use to GOAD plans to identify the layout, occupancy and use of retail spaces.

Up to date plans allow for quicker and more efficient valuation process.

Monitoring economic trends - including vacancy rates and business types - identify and respond to trends.

57
Q

How did you record the data you collated whilst on inspection?

A
  1. Took photographs
  2. Used handwritten notes
  3. Pre-prepared inspection template - occupancy status, business type, noteable observations
58
Q

How did you present your GOAD findings to senior colleagues?

A
  1. Updated Goad plans with annotations to show changes in property use or occupancy.
  2. Photos taken during the inspections were included to provide visual evidence of any significant changes, such as new developments or vacant properties.
  3. Presented into an excel document, the findings were organized into sections such as “Address”, “Occupancy” “Business Type”. This helped senior colleagues navigate the report more easily and focus on specific areas of interest.
59
Q

When uploading the data to your internal system how did you ensure compliance with the DPA 2018?

A
  1. I ensured that only relevant and necessary information was uploaded, adhering to the principle of data minimization.
  2. If any personal data was collected (e.g., contact details for commercial tenants), I either anonymised or pseudonymised it before uploading.
  3. I made sure that the uploaded data was only accessible to authorized individuals within the organisation.
  4. During the upload process, I used encryption to ensure that the data was securely transmitted to the internal system.
  5. Data was uploaded in password-protected files to add an extra layer of security, ensuring that only authorized personnel could access it.
  6. Audit trail and regular reviews.
60
Q

What are the benefits of collecting data via a FOR? What could be the risks?

A

Filled out by ratepayer who may not understand the process and may provide inaccurate information.

61
Q

How do you comply with the DPA principles at work?

A
  1. I ensure that data collected is only used for the specific purposes.
  2. I limit the amount of data collected to what is strictly necessary for the task.
  3. I ensure that personal and commercial data is regularly reviewed and updated, correcting any inaccuracies as soon as they are identified.
  4. I use encryption, password protection, and secure storage solutions to safeguard data from unauthorized access.
62
Q

What are the pros and cons to cloud based systems?

A

Pros:
Cost efficiency
Access and collaboration
Automatic updates

Cons:
Ongoing costs
Limited control of how data is stored
Reliant on internet connection
Security concerns

63
Q

When using cloud systems how do you minimise security concerns?

A
  1. Data encryption
  2. Multi factor authentication
  3. Access control and permissions
  4. Regular audits and monitoring
  5. Data backup
64
Q

Cycle of information - how do you manage?

A

Create, use, store, destroyed (kept for min years- limitation)

65
Q

What advise did you provide to your colleagues for the advert right?

A
66
Q

What advise did you provide to your colleagues for the GOAD plans?

A

Advised on vacancy
Market data on footfall
Higher vacancy rate

67
Q

Can the VOA share information through FOI?

A

rarely going to share information

How many right to buy you have? Outstanding challenges? - statistics we can share, however other information we cannot share as GDPR.

68
Q

Tell me about the market changes caused by COVID 19?

A

Increased vacancy rates, low footfall, drive towards online retail

69
Q

What reasoned advice did you give off the data you captured?

A

I advised my colleagues of the changes to the high street such as vacancy levels, occupancy levels, change in tenant mix.

The GOAD plan findings provide:

  • a valuable source of data that can help property valuers deliver more accurate and insightful valuations
  • By incorporating vacancy and occupancy trends, understanding changes in the retail mix, and assessing the impact of regeneration or market dynamics, valuers can offer clients a well-rounded perspective on the current and future value of high street properties
70
Q

What were the significant issues you identified with ad right data? What reasoned advice did you provide from your data?

A

I identified critical issues within the advertisement rights data, including gaps, inconsistencies, and fragmented information. I recommended that the data be thoroughly verified and consolidated into a single, cohesive document to enhance accessibility, improve efficiency, and ensure accurate valuations.

71
Q

Is this data management or data collection?

A

It’s data management as I organised the data, stored the data, and handled the use of that data, the access and security.