DATA MANAGEMENT

Question 1

What are the procedures in place when handling data on use the VOAs Electronic Data?

Answer 1

Access Controls, Password Protected, Regular Updates

Question 2

How did you share the table with your colleagues so they could use?

Answer 2

I uploaded the table onto our Sharepoint, where there is access controls, version control to track changes and where the team can collabately work on the database together.

Question 3

What is the main purpose of the Freedom of Information Act 2000 and how might you ensure compliance with this legislation?

Answer 3

It provides the public access to information held by public authorities.

Requests must be in writing.

Public body must supply in 20 working days and charge for this service.

Information must not be excempt e.g. personal data and national security.

Question 4

How did you ensure compliance with GDPR regulation when handling comparable evidence?

Answer 4

General Data Protection Regulation 2020 (following Brexit)

Sets out the main responsibilities for organisations using, storing and handling personal data.

Consumer Rights (Article 5): The right to be informed, the right to access, the right to erase, right to correct and right to withdraw consent.

Right to CORRECT is something we actively do on the Check stage and in FORs.

FOR data not disclosed outside of agency.

Question 5

Can you talk us through how the VOA ensures compliance with the CRCA Act 2005 regulations?

Answer 5

Commissioners for Revenue and Customs Act 2005

CRCA covers: confidentiality of information held by the VOA and when it is lawful to disclose that information.

Section 18 of the CRCA allows sharing of data or information as long as it is reasonable to do so, the BA will treat information provided by the VOA as confidential.

Question 6

What would the implications be for the VOA if we mishandled personal information?

Answer 6

17.5mil or 4% turnover

Question 7

How would we deal with a data breach? Has there been a recent data breach?

Answer 7

Flag within 72 hours to a protection officer or information commissioners officer if risk to rights and freedoms.

Question 8

How did you store the data and documents associated with this case?

Answer 8

VOAs Electronic Database

Password protected
Disk Encryption
Anti-virus software
Firewalls and Distaster Recovery Programs

Question 9

What is the Data Protection Act 2018?

Answer 9

Controls how personal information is used by organsations, buesiness or the government.

Everyone responsible for using personal data has to follow strict rules called data protection principles.

*Used fairly, lawfully and transparently
*Used for specified, explicit purposes
*Used in a way that is adequate, relevant and limited to only what is necessary accurate and when necessary, kept up to date
*Kept for no longer than is necessary
*Handled in a way that ensures appropriate security

Question 10

What are the sections of CRCA?

Answer 10

Section 17 - allowing sharing of information between HMRC and VOA
Section 18 - permits disclosure of information outside of VOA/HMRC in line with our functions
Section 19 - Makes it criminal to disclose information that can identify individuals

Question 11

In your cap tax examples you analysed comparable evidence. Can you talk us through how you analysed the data sought?

Answer 11

When arriving at an opinion of value, I arranged the comparable evidence into a spreedsheet, used columns for the property address, sale price, area, date of sale and adjustments. This allowed to identify the most comparable properties and determine an opinion of value.

Question 12

What tools did you use to verify the data? How did you present that data to a senior colleague?

Answer 12

verify: cross reference, check source, make contact.

present: concise report, highlighing key information such as (rental rates, occupancy trends and any disreprencies that were identified), presented in an excel or powerpoint.

Use of graphs (e.g. rent comparisons or trends).

Use of tables (original data alongside any adjustments I made, with explanations)

Question 13

Describe a time you have used and managed data to communicate complex, reasoned advice?

Answer 13

A IHT valuation of an estate.

I gathered detailed data of each property, including their size, location, age and condition. I used a range of sources, internal records, rightmove and lease information.

I collected comparable evidence of similar properties including their sale prices, sale dates and condition.

I analysed the comparable evidence using a spreadsheet, using colour coding to indicate each comparables usefulness. This made it easier to demonstrate the variation in property values.

I provided the spreadsheet to a senior valuer in support of my opinion of value so they could better understand how I arrived at the figures I did.

I ensured that the information was not stored for any longer than necessary.

Question 14

Give me an example of how you process and handle confidential information.

Answer 14

IHT case:

*Don’t print what I don’t need to
*Ensure appropriate saving with correct name conventions
*Don’t leave computer unlocked or unattended

Question 15

Tell me about how you extract data from a source regularly used in your role?

Answer 15

Internal Database
*CDB for rental information
- set parameters for data to refine prior to download
- use filters on excel to refine the data to what I need

Question 16

tell me how you’d advise your colleague to use that data?

Answer 16

1. Data security and access control: ensure that all sensitive data is stored securely using encryption, ensure that only authorised prsonnel can access the sensitive data and use a 2 factor login.
2. Data Privacy and Handling: ensure that personal data is collected only for specific, legitimate puposes and that only the data necessary for those purposes is processed. Ensure that data is stored for as long as necessary- advise to review and securely delete or ananymise data that is no longer required.
3. Regulatory Compliance: remind colleagues that under the CRCA, the disclosure of taxpayer information is strictly controlled and must comply with this legislation.
4. Staff training, advise them of the GDR, DPA 2018, FOI and CRCA requirements and what to do if there was a breach.
5. Ongoing monitoring and auditing.

Question 17

Are there any recent data scandals?

Answer 17

MoneyGram, a major money transfer service, which led to an investigation by the Information Commissioner’s Office (ICO). The breach raised concerns about sensitive financial information being compromised. This breach was particularly alarming because of the volume of affected customers and the sensitive nature of the data involved

Question 18

What is the main purpose of the Freedom of Information Act 2000 and how might you ensure compliance with this legislation?

Question 19

How did you ensure compliance with GDPR regulation when handling comparable evidence?

Answer 19

• I only collect and process necessary e.g rent, size, location, while avoiding personal data (data minamilisation)
• I control access to the data by ensuring that only authorised individuals have access to the data
• I store the data securely using encrypted cloud storage and follow the retention policies to delete or anonymise the data once it no longer is required

Question 20

What could the implications be if there was non compliance?

Question 21

You advised the customer that all the information we hold is in adherence with the Commissioners for Revenue and Customs
Act (CRCA) 2005 - can you talk us through how the VOA ensures compliance with this act.

Answer 21

refer to sections 17, 18, 19.

Question 22

What would the implications be for the VOA if we mishandled his personal information?

Answer 22

fine or imprisonment TBC

Question 23

How would deal with a data breach?

Question 24

How did you verify the measurements you took on inspection? How would you overcome a difference in measurements from the agents plans?

Answer 24

1. Utilising multiple measurement tools
2. Taking photos, making detailed notes

Differences:
1. Double check measurements and plans to identify any potential errors or misinterpretations
2. Discuss the disrepancies with the agent

Question 25

How did you store the data and documents associated with this case?

Answer 25

EDRM (Electronic Data Recording Management)

Permission levels, restricts who can access the data, appropriate labelling.

Question 26

Can the VOA disclose evidence to the public?

Answer 26

Can’t disclose if we don’t have a purpose and business need.

Question 27

What does Section 18 of the CRCA say about disclosing information?

Answer 27

We can dislose information for the purposes of a function of VOA.

Question 28

How is the evidence that we do share restricted?

Answer 28

Opinion of Value - wouldn’t put the whole address

Negotiation - would need to disclose the whole address

Question 29

Why did you organise a telephone conversation for the agent to review the FOR information?

Answer 29

Restrict access

Provide relevant information

The agent doesnt have the exact copy

Question 30

What legislation restricts the FOIA within the VOA?

Answer 30

CRCA & GDPR

Question 31

What advise did you give to your clients for data security?

Answer 31

1. Encourage clients to use complex passwords and change them regularly
2. Use two-factor authentication for added security
3. Encrypt sensitive data
4. Keep software up to date
5. Conduct regular training sessions
6. Implement a back up strategy
7. Strict access controls
8. Incident response plan

Question 32

You mentioned you used Co-Star whilst gathering evidence for a commercial property. How did you verify the data you found on the site?

Answer 32

1. Cross reference
2. Contact listing agent

Question 33

GOAD inspections - explain to me how you compiled with 3 of the GDPR principles when collecting, uploading and storing data from your inspections?

Answer 33

1. Data minimisation - I focused solely on collecting data relevant to occupany status, business type and visible changes.
2. Storage limitation - I ensured that the data would be reatined only as long as it would be needed for valuation purposes
3. Integrity and Confidentiality - I ensured that the data collected was stored securely, utilisin g password protection and encyption measures

Question 34

Talk me through your example relating to advertising rights for reval 2023.

Question 35

I note you created a spreadsheet which was shared with your team. What advice would you give to your colleagues when using this information?

Answer 35

1. Remind colleagues to handle any sensitive data in accordance with GDPR and the DPA.
2. Advise colleagues to document any change made to the spreadsheet - implement a version control practices.

Question 36

You dealt with a challenge for a retail unit in Chiswick where the stent requested to be sent an FOR. Tell me what you advised and why?

Question 37

How did you ensure that the information you garethered from your GOAD plans were kept kept secure?

Question 38

For your retail property in Chiswick when asked to send over FOR information, under what section does the CRCA permit disclosure of information and under what circumstances can this information be shared?

Answer 38

For the purposes of its functions, where there is a legislative gateway or with customer consent./ (CRCA) 2005 allows sharing of data / information as long as it is reasonable and proportionate to do so.

Question 39

why did you advise the agent that they could not be sent the contents of the FOR information.

Answer 39

Sensitive nature of the information – only rents/lease terms are proportionate as FOR contains other sensitive data

Question 40

If they requested to see the contents of the FOR in person would this be appropriate?

Answer 40

yes but only able to take notes – no photographs or copies

Question 41

what if he requested to see additional rents outside of what you provided him?

Answer 41

only if they directly relate to the statutory duty you are carrying out

Question 42

Could conflicts arise from colleagues having access to certain information?

Answer 42

Yes, it could occur if doing a DVS asset valuation and a rating colleague has access to this information. Could disadvantage the client as a result of accessing this data which was not requested for that purpose. Could go against GDPR, however CRCA act may justify it? (may need to check this).

Question 43

In regard to the information collected for advertisement rights during the reval 2023 project can you explain to me how you managed the data within the excel database

Answer 43

colour coded the different advert rights, highlighted trends in RV,
created filters for different types and locations etc..

Question 44

How did you ensure this data was protected?

Answer 44

permissions protected on a password protected device w/ firewall

Question 45

What kind of data sources did you use?

Answer 45

primary/secondary

Question 46

what are the pros & cons of primary info?

Answer 46

pros: specific to the needs, greater control (type of data, design and method), more up to data, may be more accurate

cons: expensive, time consuming

Question 47

what are the pros & cons of secondary information?

Answer 47

pros: easily accessible, affordable, less time consuming

cons: may lack reliability, may be outdated, may have to deal with irrelevant faya before finding suitable data

Question 48

For your GOAD inspections in South Wales, how did you keep the information secure whilst out and about?

Answer 48

1. I ensured that any documents were kept out of sight when not actively in use
2. I kept my bag secure to transport physical data securely
3. I maintained awareness of my surroundings while working in public spaces

Question 49

How did you manage the GOAD data?

Answer 49

• Storing and organizing the data into relevant categories (e.g., by location, vacancy rate, occupancy rate).
• Updating the data regularly to reflect changes in tenancy or occupancy.
• Validating or cleaning the data to ensure accuracy.
• Using software or tools to structure or analyze the data (e.g., databases, spreadsheets).

Question 50

Other than FORs what other personal and confidential information does the VO hold?

Answer 50

Personal data relating to VOA employees
Emails containing sensitive or confidential information
Customer correspondence received in confidence
Customer records
Property information
Contractual information relating to past, present or potential future companies

Question 51

How would you deal with someone requestion to access their own personal information?

Answer 51

There is a deadline of one month to respond to a request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by emailing.

if the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

This is known as a Subject Access Request.

A verbal request for property information cannot always be answered verbally. We may require verification of the person’s link to the property before deciding whether we can disclose information.

Question 52

Article 5 of GDPR requires that personal data should be what?

Answer 52

Processed lawfully, fairly in a transparent manner (PLT)
Adequate, relevant, and limited to what is necessary
Collected for specified explicit and legitimate purposes
Kept in a form that permits identification of data for no longer than is necessary
Accurate and kept up to date, where necessary
Processed in a manner that ensures appropriate security of personal data.

Question 53

What is reg 17 of the non-domestic regulations?

Answer 53

allows us to provide rental evidence for VT hearings in support of our case

Question 54

Why do we collect information? Where does it state that we are allowed to do this?

Answer 54

LGFA 1988

Question 55

Why do we collect FOR information?

Answer 55

Analyse & adjust, store, applications in our systems will download an excel document, filter the information, use in reg 17 as evidence, use towards GOAD plans, graphs for trade information

Question 56

What is the purpose of your GOAD inspections?

Answer 56

Enable to provide accurate property valuations - valuers use to GOAD plans to identify the layout, occupancy and use of retail spaces.

Up to date plans allow for quicker and more efficient valuation process.

Monitoring economic trends - including vacancy rates and business types - identify and respond to trends.

Question 57

How did you record the data you collated whilst on inspection?

Answer 57

1. Took photographs
2. Used handwritten notes
3. Pre-prepared inspection template - occupancy status, business type, noteable observations

Question 58

How did you present your GOAD findings to senior colleagues?

Answer 58

1. Updated Goad plans with annotations to show changes in property use or occupancy.
2. Photos taken during the inspections were included to provide visual evidence of any significant changes, such as new developments or vacant properties.
3. Presented into an excel document, the findings were organized into sections such as “Address”, “Occupancy” “Business Type”. This helped senior colleagues navigate the report more easily and focus on specific areas of interest.

Question 59

When uploading the data to your internal system how did you ensure compliance with the DPA 2018?

Answer 59

1. I ensured that only relevant and necessary information was uploaded, adhering to the principle of data minimization.
2. If any personal data was collected (e.g., contact details for commercial tenants), I either anonymised or pseudonymised it before uploading.
3. I made sure that the uploaded data was only accessible to authorized individuals within the organisation.
4. During the upload process, I used encryption to ensure that the data was securely transmitted to the internal system.
5. Data was uploaded in password-protected files to add an extra layer of security, ensuring that only authorized personnel could access it.
6. Audit trail and regular reviews.

Question 60

What are the benefits of collecting data via a FOR? What could be the risks?

Answer 60

Filled out by ratepayer who may not understand the process and may provide inaccurate information.

Question 61

How do you comply with the DPA principles at work?

Answer 61

1. I ensure that data collected is only used for the specific purposes.
2. I limit the amount of data collected to what is strictly necessary for the task.
3. I ensure that personal and commercial data is regularly reviewed and updated, correcting any inaccuracies as soon as they are identified.
4. I use encryption, password protection, and secure storage solutions to safeguard data from unauthorized access.

Question 62

What are the pros and cons to cloud based systems?

Answer 62

Pros:
Cost efficiency
Access and collaboration
Automatic updates

Cons:
Ongoing costs
Limited control of how data is stored
Reliant on internet connection
Security concerns

Question 63

When using cloud systems how do you minimise security concerns?

Answer 63

1. Data encryption
2. Multi factor authentication
3. Access control and permissions
4. Regular audits and monitoring
5. Data backup

Question 64

Cycle of information - how do you manage?

Answer 64

Create, use, store, destroyed (kept for min years- limitation)

Question 65

What advise did you provide to your colleagues for the advert right?

Question 66

What advise did you provide to your colleagues for the GOAD plans?

Answer 66

Advised on vacancy
Market data on footfall
Higher vacancy rate

Question 67

Can the VOA share information through FOI?

Answer 67

rarely going to share information

How many right to buy you have? Outstanding challenges? - statistics we can share, however other information we cannot share as GDPR.

Question 68

Tell me about the market changes caused by COVID 19?

Answer 68

Increased vacancy rates, low footfall, drive towards online retail

Question 69

What reasoned advice did you give off the data you captured?

Answer 69

I advised my colleagues of the changes to the high street such as vacancy levels, occupancy levels, change in tenant mix.

The GOAD plan findings provide:

• a valuable source of data that can help property valuers deliver more accurate and insightful valuations
• By incorporating vacancy and occupancy trends, understanding changes in the retail mix, and assessing the impact of regeneration or market dynamics, valuers can offer clients a well-rounded perspective on the current and future value of high street properties

Question 70

What were the significant issues you identified with ad right data? What reasoned advice did you provide from your data?

Answer 70

I identified critical issues within the advertisement rights data, including gaps, inconsistencies, and fragmented information. I recommended that the data be thoroughly verified and consolidated into a single, cohesive document to enhance accessibility, improve efficiency, and ensure accurate valuations.

Question 71

Is this data management or data collection?

Answer 71

It’s data management as I organised the data, stored the data, and handled the use of that data, the access and security.