DATA MANAGEMENT Flashcards
What are the procedures in place when handling data on use the VOAs Electronic Data?
Access Controls, Password Protected, Regular Updates
How did you share the table with your colleagues so they could use?
I uploaded the table onto our Sharepoint, where there is access controls, version control to track changes and where the team can collabately work on the database together.
What is the main purpose of the Freedom of Information Act 2000 and how might you ensure compliance with this legislation?
It provides the public access to information held by public authorities.
Requests must be in writing.
Public body must supply in 20 working days and charge for this service.
Information must not be excempt e.g. personal data and national security.
How did you ensure compliance with GDPR regulation when handling comparable evidence?
General Data Protection Regulation 2020 (following Brexit)
Sets out the main responsibilities for organisations using, storing and handling personal data.
Consumer Rights (Article 5): The right to be informed, the right to access, the right to erase, right to correct and right to withdraw consent.
Right to CORRECT is something we actively do on the Check stage and in FORs.
FOR data not disclosed outside of agency.
Can you talk us through how the VOA ensures compliance with the CRCA Act 2005 regulations?
Commissioners for Revenue and Customs Act 2005
CRCA covers: confidentiality of information held by the VOA and when it is lawful to disclose that information.
Section 18 of the CRCA allows sharing of data or information as long as it is reasonable to do so, the BA will treat information provided by the VOA as confidential.
What would the implications be for the VOA if we mishandled personal information?
17.5mil or 4% turnover
How would we deal with a data breach? Has there been a recent data breach?
Flag within 72 hours to a protection officer or information commissioners officer if risk to rights and freedoms.
How did you store the data and documents associated with this case?
VOAs Electronic Database
Password protected
Disk Encryption
Anti-virus software
Firewalls and Distaster Recovery Programs
What is the Data Protection Act 2018?
Controls how personal information is used by organsations, buesiness or the government.
Everyone responsible for using personal data has to follow strict rules called data protection principles.
*Used fairly, lawfully and transparently
*Used for specified, explicit purposes
*Used in a way that is adequate, relevant and limited to only what is necessary accurate and when necessary, kept up to date
*Kept for no longer than is necessary
*Handled in a way that ensures appropriate security
What are the sections of CRCA?
Section 17 - allowing sharing of information between HMRC and VOA
Section 18 - permits disclosure of information outside of VOA/HMRC in line with our functions
Section 19 - Makes it criminal to disclose information that can identify individuals
In your cap tax examples you analysed comparable evidence. Can you talk us through how you analysed the data sought?
When arriving at an opinion of value, I arranged the comparable evidence into a spreedsheet, used columns for the property address, sale price, area, date of sale and adjustments. This allowed to identify the most comparable properties and determine an opinion of value.
What tools did you use to verify the data? How did you present that data to a senior colleague?
verify: cross reference, check source, make contact.
present: concise report, highlighing key information such as (rental rates, occupancy trends and any disreprencies that were identified), presented in an excel or powerpoint.
Use of graphs (e.g. rent comparisons or trends).
Use of tables (original data alongside any adjustments I made, with explanations)
Describe a time you have used and managed data to communicate complex, reasoned advice?
A IHT valuation of an estate.
I gathered detailed data of each property, including their size, location, age and condition. I used a range of sources, internal records, rightmove and lease information.
I collected comparable evidence of similar properties including their sale prices, sale dates and condition.
I analysed the comparable evidence using a spreadsheet, using colour coding to indicate each comparables usefulness. This made it easier to demonstrate the variation in property values.
I provided the spreadsheet to a senior valuer in support of my opinion of value so they could better understand how I arrived at the figures I did.
I ensured that the information was not stored for any longer than necessary.
Give me an example of how you process and handle confidential information.
IHT case:
*Don’t print what I don’t need to
*Ensure appropriate saving with correct name conventions
*Don’t leave computer unlocked or unattended
Tell me about how you extract data from a source regularly used in your role?
Internal Database
*CDB for rental information
- set parameters for data to refine prior to download
- use filters on excel to refine the data to what I need
tell me how you’d advise your colleague to use that data?
- Data security and access control: ensure that all sensitive data is stored securely using encryption, ensure that only authorised prsonnel can access the sensitive data and use a 2 factor login.
- Data Privacy and Handling: ensure that personal data is collected only for specific, legitimate puposes and that only the data necessary for those purposes is processed. Ensure that data is stored for as long as necessary- advise to review and securely delete or ananymise data that is no longer required.
- Regulatory Compliance: remind colleagues that under the CRCA, the disclosure of taxpayer information is strictly controlled and must comply with this legislation.
- Staff training, advise them of the GDR, DPA 2018, FOI and CRCA requirements and what to do if there was a breach.
- Ongoing monitoring and auditing.
Are there any recent data scandals?
MoneyGram, a major money transfer service, which led to an investigation by the Information Commissioner’s Office (ICO). The breach raised concerns about sensitive financial information being compromised. This breach was particularly alarming because of the volume of affected customers and the sensitive nature of the data involved
What is the main purpose of the Freedom of Information Act 2000 and how might you ensure compliance with this legislation?
How did you ensure compliance with GDPR regulation when handling comparable evidence?
- I only collect and process necessary e.g rent, size, location, while avoiding personal data (data minamilisation)
- I control access to the data by ensuring that only authorised individuals have access to the data
- I store the data securely using encrypted cloud storage and follow the retention policies to delete or anonymise the data once it no longer is required
What could the implications be if there was non compliance?
You advised the customer that all the information we hold is in adherence with the Commissioners for Revenue and Customs
Act (CRCA) 2005 - can you talk us through how the VOA ensures compliance with this act.
refer to sections 17, 18, 19.
What would the implications be for the VOA if we mishandled his personal information?
fine or imprisonment TBC
How would deal with a data breach?
How did you verify the measurements you took on inspection? How would you overcome a difference in measurements from the agents plans?
- Utilising multiple measurement tools
- Taking photos, making detailed notes
Differences:
1. Double check measurements and plans to identify any potential errors or misinterpretations
2. Discuss the disrepancies with the agent
How did you store the data and documents associated with this case?
EDRM (Electronic Data Recording Management)
Permission levels, restricts who can access the data, appropriate labelling.
Can the VOA disclose evidence to the public?
Can’t disclose if we don’t have a purpose and business need.
What does Section 18 of the CRCA say about disclosing information?
We can dislose information for the purposes of a function of VOA.
How is the evidence that we do share restricted?
Opinion of Value - wouldn’t put the whole address
Negotiation - would need to disclose the whole address