Data Management Flashcards
What is your understanding of the term Confidentiality?
Where information is provided but is subject to confidence and not shared without permission.
What is your understanding of the term Meta Data and why is this important?
- Meta Data is information about a specific piece of data.
- For example when sharing a cost planning document, the Meta Data associated with this could consist of information about the author, the file size, the date the document was created and keywords to describe the document.
- We must ensure that this Meta Data is afforded the same level of care as all other confidential data.
What is your understanding of Intellectual Property and Copyright?
- This is the right to control the use and ownership of original works.
- Work generally created by an employee usually belongs to their employer unless copyrights are put in place.
What is the Freedom of Information Act 2005?
- The act gives the public a right of access to information held by public authorities. The information must be provided within 20 days, or a reason given as to why it cannot be (e.g. too expensive / time consuming / may not have resources / unreasonable request).
- This is the primary piece of UK legislation that controls the access to official information.
- Information must also be published through the public authority's publication scheme.
- The act covers all information held and not just information since the act came into effect.
What are the benefits of cloud-based storage systems?
- Information is backed up securely on encrypted servers.
- Accessibility can be managed via online settings.
- Cloud systems are often cheaper than the costs of physically storing and managing files.
- It is convenient to send and share files online instead of mailing physical copies.
- Cloud systems are environmentally friendly.
- Multiple users can access the same documents.
- Documents and folder systems can be synchronized.
If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?
- I would make the client aware of the risks involved and check their understanding of the conflict of interest.
- I would ensure a letter of instruction to continue was obtained from the client.
- Exclusivity of staff would be arranged.
- The use of non-disclosure agreements would be considered.
- Separate working locations for each of the teams would need to be put in place.
- Secure document and data storage would be arranged to be used exclusively for the separate teams.
What is the Data Protection Act 2018?
- The act replaces previous 1998 legislation and manages how personal data is processed by organisations and the government.
- It is the UK legislation for the implementation of the EU General Data Protection Regulations (GDPR).
What are the key Principles of the Data Protection Act 2018?
The act ensures that data is:
* Used fairly, lawfully and transparently.
* Used in a way that is adequate, relevant and limited to only the purpose for which it is intended.
* Retained for no longer than is necessary.
* Processed securely, including protection against unlawful use, loss or destruction.
What are a person’s rights under the Data Protection Act?
People have the following rights:
* The right to be informed about how their data is being used.
* The right to access their data.
* The right to have incorrect information updated.
* The right to have their data erased.
* The right to stop or restrict the processing of their data.
* The right of portability.
* The right to object to the use of their data.
Describe to me the amount of time you can keep data for.
There is no specific time limit and it is dependent on the type of data, but it should usually be retained only as long as it is needed to fulfil the purpose for which it was collected.
However, firms may need to respond to claims made against them so retention policies may be in place for this - usually in line with PII run over period.
* 6 years from when the service was provided,
* 6 years from when loss was suffered,
* or up to 12-15 years dependent on the type of instruction or claim or if the claimant did not know a loss was suffered.
Who are the key persons outlined within GDPR?
- Controller
The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data. For example, when processing an employee’s personal data, the employer is considered to be the controller.
- Processor
A natural person or legal entity that processes personal data on behalf of the controller. For example, a call centre acting on behalf of its client is considered to be a processor.
- Data Protection Officer (DPO)
The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.
What are the 8 individual rights under GDPR?
- The right to be informed.
- The right of access.
- The right of rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights of automated decision making and profiling.
Can you tell me the three principles of GDPR?
GDPR - Lawfulness, fairness and transparency
Can you tell me the 7 principles of the Data Protection Act 2018?
Lawfulness, fairness and transparency. Purpose limitation. Data minimisation. Accuracy. Storage limitation. Integrity and confidentiality (security). Accountability.
How do you process and handle confidential information?
Control access. Use confidential waste bins and shredders. Lockable document storage cabinets. Secure delivery of confidential documents. Stored in encrypted folders that can only be accessed by required team members. Employee training.
What is copyright?
Author of original work has exclusive rights to control distribution
What is the Freedom of Information Act 2000?
- Right to information held by the public sector
- Request must be in writing
- Information must not be exempt
- 20 Days to respond
What legislation relates to the disposal of old files?
Limitation Act 1980
How long do old files need keeping? MCC Process / Guidelines
At least 6 years, 12 if a deed, ideally 15 for PII
What is the difference between a deed and registered title?
A deed is absolute proof and title is good indication
What does encryption mean?
The process of converting information or data into a code, especially to prevent unauthorized access.
How can you protect electronic data from viruses?
Educate your employees about ransomware and phishing attacks. Firewall/antivirus software. Review your password policy and update if necessary. Back up your important business data. Test your backup / restore capabilities.
What is Blockchain?
A system of recording information in a way which makes it difficult or impossible to change or hack
What is a data controller?
Decides the purpose and manner that personal data is used
Name some ways you ensure data security?
1. Firewalls
2. Password management
3. Don’t leave devices unattended
4. Encryption
5. Virus protection
6. Caution on sharing social media
7. Back up data
8. Automatic updates
9. Two step verification
What constitutes personal data?
Information that relates to an identified or identifiable individual. What identifies an individual could be as simple as a name or a number, or could include other identifiers such as an IP address or a cookie identifier, or other factors.
What is EDM and what does it do?
Electronic Document Management - Collection of tech which manages electronic assets
Who owns the copyright of a valuation report?
The Surveyor - client is licensed to copy
Key legislation in the UK relating to data protection?
Data Protection Act 2018
What does GDPR stand for?
General Data Protection Regulation
What legislation specifically relates to Data held by public bodies?
Freedom of Information Act 2000
How must a FOI request be made and how long for a reply?
In writing; 20 days
Do public bodies need to reply to an FOI - any exceptions?
Yes, they have to reply, either with the info or a refusal (with explanation). Refusal can be because the request is too expensive, unreasonable or not in the public interest.
How do you ensure data on your system is accurate?
There is a system in place to ensure data updates. For example, when a tenant leaves a premises we complete a record amendment form, which our property information team input and double check. This is completed for all changes of data.
What are the limitations of primary/secondary data?
Secondary data = Information may be outdated, and therefore inaccurate. The data may be biased and it is hard to know if the information that was collected is accurate. The data was not gathered for the specific purpose the firm needs or is not relevant to the original context.
Primary data = Cost is one of the major reasons why researchers and organisations will choose not to use primary research. …Time, Feasibility
What is malware?
Malware is a type of malicious software designed to harm or exploit any programmable device, service or network. Attackers use it to extract data that they can leverage over victims for financial gain. That data can range from financial data, to healthcare records, to personal emails and passwords.