Data Management Flashcards
How is Lendlease compliant with UK GDPR?
Lendlease has a ‘Data Governance Forum’ whereby members take leadership for data sets which are high value e.g.
- Privacy Council manage personal data
- Verification Committee ensure what is communicated externally is accurate, they ‘fact check’
We undertake training on:
- Storing data - who can access this data? Is this a LL or third party store? Is there disaster recovery?
- Processing data - only process data in ways that are consistent with the purpose it was obtained for / how the accuracy of data / access control during processing
- Sharing data - do you know the rights we have for sharing the data? Is it on a need to know basis? Has it been validated if going public?
- Destroying data - Only keep for as long as needed / can personal data be de-identified / security and protection of records and archives
What data do you use in your role?
A range of data for different purposes:
- Budgets
- Development appraisals
- Info from architects (drawings / models / schedules)
- Comparable evidence / market evidence (Molior - reliant on developers uploading)
- Agents (reports - pretty reliable)
What is a useful trigger for important data collection dates?
Diaries
- Rent collection
- Rent review notices
- Insurance renewals
- Regular inspections
- Repairing obligations
- Break clauses
- Planning obligations
What is triangulation?
Verifying data against an alternative source
What do data security technologies include?
- Disk encryption
- Regular backups off site
- Cloud storage
- Password protection
- Anti-virus protection
- Firewalls
- Disaster recovery
What is copyright?
- Set of exclusive rights granted to the author / creator of original work, including right to copy
- Rights can be licensed, assigned or transferred
- Form of intellectual property
- Crown copyright (all material prepared by Gov like laws, public records, press releases, OS mapping)
- Must acknowledge copyright in your work
What is the key legislation regarding data protection in the UK?
Data Protection Act (2018)
UK General Data Protection Regulation and the Data Protection Act (2018)
What is the purpose of UK GDPR?
- Single data protection regime
- Affects businesses, with the goal to empower individuals to control how their data is used by third parties
- Right to be informed how data is used
What are the requirements of UK GDPR?
- Data protection impact assessment for high risk holding of data
- Rights for individuals to have access to personal info held and have it erased
- Data controller decides how and why data is processed and is responsible
- ‘Data accountability’ ensures firms can prove to the ICO (Information Commissioner’s Office) how they comply with regs
What is the penalty for security breaches?
- Breaches must be reported to ICO within 72 hours where there is a loss of personal data and risk of harm
- Fine of 4% turnover, or £17.5 million (whichever is greater)
Who polices UK GDPR?
Information Commissioner’s Office
What are the principles of UK GDPR?
Article 51:
- Process lawfully and transparently
- Collect for specified and legit reasons
- Limited to what is necessary
- Accurate and kept updated
- Kept in a form which permits identification
What are individual rights under UK GDPR?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to object
What legislation gives individuals right of access to information held by public bodies?
Freedom of Information Act (2000)
What does the Freedom of Information Act (2000) set out?
- Public body must tell any individual requesting the info if it holds it
- Required to supply info in 20 days
- It can charge
Exemption: If it would prejudice a criminal matter under investigation, or a person’s/firm’s commercial interest
Is there anything emerging on cybercrime?
Proposed RICS Professional Standard on Data Handling and Prevention of Cybercrime
- Best practice
- Mandatory obligations
- How surveyors must capture, store and share data appropriately
What is an NDA?
- Legally enforceable contract between a person with sensitive information and a person with access to that information
- If breached, take legal action and seek damages for losses incurred
When do you use data management in your role?
ACC - Store and share the most recent information between the design team. Have to be given special permission by LL to access it.
Contractor records
Contract records
Photos
Health records
What data do you need? What do you need the data for? What is the data source? What format is the data? Can you verify the data is accurate?
Design info from consultants
Market info from agents / Molior
What are you going to do with the data? Method of analysis / methodology?
Submit it for planning
Use it to inform further design
Use it to position products
How will you present data?
Baked into design
Presented in a presentation / report
What is Lendlease’s policy on data storing / how long can you store it for before it has to be erased?
What is key legislation?
Data Protection Act (2018)
- Controls how your data is used by organisations and the government
- UK’s implementation of GDPR (EU initiative that was readopted after Brexit into the Data Protection Act). Under GDPR, implemented by the Data Protection Act (2018):
- Data protection principles (used fairly, lawfully, transparently, adequate, relevant and limited, specified purposes, up to date, kept no longer than necessary, stored properly)
- Strong data protection on genetics, religion, health, sexual orientation, criminal conviction
- You have right to see how data is being used (informed, access, corrected, erased, object, up to date)