Data Management Flashcards
What legislation covers the functions of the VOA?
Commissioners for Revenue and Customs Act (CRCA) 2005
Which section of the CRCA covers VOA statutory duties?
Section 7
Which section of CRCA covers the VOA providing valuations?
Section 10.
Any purpose relating to functions of HMRC.
At the request of a public authority
At the request of any person in relation to a public function or of a public nature
Which sections of CRCA relate to disclosure?
Sections 17-23
What is section 17 of CRCA?
Allows sharing if information held for one function with another function within HMRC and VOA
What is section 18 CRCA?
Sets out the circumstances when HMRC and VOA may disclose information outside HMRC and VOA
Who is VOA data controller?
HMRC
What is Section 19 of CRCA?
Criminal offence for VOA officers to disclose information if not covered by section 18.
What are sections 20-21 of CRCA?
Covers when information can be disclosed where it is in public interest or is to a prosecuting authority
What are sections 22-23 of CRCA?
Related to the rights to information under GDPR and FOIA and set out how these requests should be treated
What is personal data?
Anything that can lead to the identification of a person
What are the 4 categories of data in the VOA?
People Personal (personal data)
Property personal (property data)
Sensitive personal (data that could damage VOA reputation)
Special category (race, ethnicity, biometrics etc)
Which act covers UK data protection?
Data Protection Act 2018
Who regulates data protection in the UK?
Information Commussioners Office (ICO)
Who has the responsibility for storage and usage of data?
The individual
7 principles of GDPR?
- Lawfullness, fairness and
transparency - Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
What are the retention schedules for data in the VOA?
Revaluation data: longer of (a) life of the list in force plus 5 years or (b) 1 year
Personal images; until consen5 is withdrawn
Council tax: life of the list plus 6 years
Customer correspondence: 6 months from date of delivery
What are the individual lights under Data Protection legislation
Living individuals have rights:
1. Be informed
2. Access data
3. Erasure
4. Restrict
5. Data portability
6. Object to processing
7. Withdraw consent
8. Complaints to ICO
9. Rights in relation to automated decision making and profiling
How many days to respond to requests for individual rights under Data Protection legislation?
30 days
Which act covers copyright?
Copyright, designs, and patents act 1988 (CDPA)
When is the copying of material permitted?
Nesecarry for the performance of a statutory function (Section 50 CDPA)
In the course of judicial proceedings (Sectoon 45 CDPA)
Received express permission of the copyright owner
Done in accordance with rerms and conditions of the publisher/website or licence held
What is crown copyright?
Anything created by civil servants during life of service related to their functions is owned by the crown
Which act manages records and information in the VOA?
Public Records Act (PRA)
What are the VOA responsibilities under the PRA?
Review records regularly and preserve after 20 years at national archives.
Obtain permission to retain records over 20 years, which don’t meet the criteria for preservation.
Destroy records in line with local agreed retention schedules
What should you be mindful of during Management of Records?
Code of practice within section 46 of the FOIA
How long should you retain agency information?
Review the VOA data and information retention schedule, and if unsure, speak to information asset owner.
Where can VOA information be stored?
VoS, EDRM, Sharepoint, Shared Drives, ERP, Hardcopy and more. But each has its own governance and restrictions to what can be stored.
Where can customer data not be stored?
OneDrive and Teams
Outlook for a maximum of 6 months
What is LADPASS?
Principles of Data Protection Legislation
L - Lawfullness, Transparency and Fairness
A - Accuracy
D - Data Minimisation
P - Purpose Limitation
A - Accountability
S - Storage Limitation
S - Security
What is AORAIDER?
Rights under Data Protection
A - Access
O - Object
R - Rectified
A - Automated Data
I - Informed consent
D - Data portability
E - Erasure
R - Restrict
When should Data breached be reported?
As soon as possible, but within 48 hours of when it was first identified
What is a data breach?
Breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to personal data.
When should data breached be reported to ICO?
Within 72 hours if there is significant high risk to an individual
Examples of data breaches?
Email sent to wrong person or not BCC
Hardcopy post two letters in one envelope
Data not kept up to date
Wrong fields completed on CDB
Not accurately redacting personal data
Publishing copy material on the intranet
Data loss
Housekeeping: holding records longer than agreed retention periods
How do you ensure compliance with data protection legislation?
- Know your guidance and processes
- Take time to read news and updates
- Complete data protection impact assessments
- Complete mandatory e-learning
- Report security incidents breaches or concers
Who is the data protection officer for the VOA?
David Burke
