Data Management COPY Flashcards

1
Q

What regulation governs laws on data protection and privacy?

A

UK General Data Protection Regulation 2020

2
Q

What is the maximum GDPR fine set by UK GDPR and DPA 2018?

A

17.5 million or 4% of annual global turnover (whichever is highest)

3
Q

Data offences can be punished by what?

A
  • Warnings
  • Temporary or permanent ban on data processing
  • Restriction or erasure of data
  • Suspend data transfers to 3rd party countries
4
Q

What is the Data Protection Act 2018?

A
  • UK’s implementation of GDPR
  • Replaced the DPA 1998
  • Controls how personal information is used by organisations, businesses or the government
  • Designed to protect personally identifiable information
5
Q

What is the Freedom of Information Act 2000?

A
  • Gives individuals the right of access to information held by public bodies
  • Public body must tell any individuals requesting sight of the information whether it holds that information
  • Must be supplied within 20 working days in the format required
  • Can be charged for the provision of the information
6
Q

How do Freedom of Information Act 2000 requests work?

A
  • Must be in writing
  • Information must not be exempt
7
Q

What security measures can you use to protect data?

A
  • Password protection
  • Security markings
  • Physically locking storage units
  • Encryption firewalls
  • Two factor authentication
8
Q

What best practices would you encourage in terms of managing data?

A
  • Cross reference computer with hard copy
  • Back up IT systems
  • Write once, read many times
  • Keep an audit trail
  • Ensure electronic signature cannot be altered (send PDF not Word)
9
Q

Tell me what you know about GDPR?

A
  • Following Brexit, the UK GDPR 2020 was introduced.
  • This set out the main responsibilities for organisations using, storing and handling personal data
  • Article 5 sets out consumer rights
  • Applies to the VOA - the right to correct is something we actively do in the Check stage in CCA and in the form of return where personal data is explicitly collected
10
Q

What is personal data?

A

Any information which is related to an identified or identifiable person

11
Q

What are encryption, firewalls and blockchain?

A

Encryption = Securing data by encoding it mathematically so it can only be read or destroyed by those with the correct key or cipher

Firewall = Network security device that monitors traffic to/from your network, it allows/blocks traffic based on a set of security rules

Blockchain = Digitally distributed, decentralised public ledger that exists across a network

12
Q

How do you process and handle confidential information?

A
  • Don’t print what I don’t need to
  • Ensure appropriate saving with correct name conventions
  • Don’t leave computer unlocked or unattended
13
Q

How do you extract data from a source regularly used in your role?

A
  • Internal database - CDB for rental and sale information
  • Set parameters for data to refine prior to download
  • Use filters on Excel to refine the data to what I need
14
Q

What is an Electronic Document Management System (EDMS)?

A
  • Software package designed to manage electronic information and records within an organisation’s workflow
  • Allows a user to manage the creation, storage and control of records while allowing others to access and edit documents
15
Q

What type of documents can electronic signatures be used for?

A

To replace handwritten signatures in virtually every personal or business process
e.g. contracts, application forms and non-disclosure agreements

16
Q

How do you ensure that data is kept securely?

A
  • Permission levels on EDRM and SharePoint to restrict who can access data, preventing conflicts of interest in terms of accessing information
    e.g. rating valuer accessing plans and data collected for a different purpose
  • Back up work/systems where necessary
  • Ensure properly labelled as ‘Official - Sensitive’ info to show others that care must be taken
17
Q

How do you validate information?

A
  • Cross check with another source
  • Call to get further information/confirm details
  • Adopt a common sense approach
18
Q

What are the pros and cons of primary data?

A

Pros

  • Specific to needs
  • Greater control
  • More up-to-date
  • May be more accurate

Cons

  • Expensive (may make it more difficult)
  • Time consuming
19
Q

What are the pros and cons of secondary data?

A

Pros

  • Easily accessible
  • Affordable
  • Less time consuming

Cons

  • May lack reliability
  • May be outdated
  • May have to deal with irrelevant data before finding suitable data
20
Q

You shared rental evidence with an agent for rating purposes. Did you have permission to share that information?

A
  • Yes, the VOA is subject to the Commissioners for Revenue and Customs Act 2005
  • This covers the confidentiality of information held by the VOA and when it's lawful to disclose that information
  • VOA cannot disclose information except in limited circumstances including legislative gateways/consent
  • Section 18(2) and (3) allows sharing of data so long as it is reasonable and proportionate to do so
  • BA treats information from VOA as confidential even if the information sharing agreement is terminated
21
Q

What is Section 18 of the CRCA 2005?

A

It sets out where information can be disclosed. Do not disclose this information unless:

  • it is essential for one of our functions
  • it is allowed by specific legislation
  • it is with consent of the customer
  • it is in the course of civil proceedings
22
Q

What is Section 7 of the CRCA 2005?

A

It sets out the VOA’s functions:

  • compilation and maintenance of rating lists and council tax lists
  • valuation of property
23
Q

What is Section 10 of the CRCA 2005?

A

It allows the VOA to provide a valuation of property:

  • for any purpose relating to its function
  • at the request of a public authority
24
Q

How did you store data collected on inspection?

A
  • Electronically using Word and Excel
  • Uploaded inspection notes and photographs to EDRM system with access restrictions and appropriate name and labelling
25
Q

Can other colleagues access information you are working on?

A

Not if they are in a different team
e.g. DVS will not be able to access information stored for rating purposes

26
Q

What are the exemptions in the Freedom of Information Act 2000?

A
  • Personal data
  • National security
  • Information held by the VOA for its functions that either directly identifies a person or enables their identity to be deduced from it, is exempt from disclosure under S44 of the FOI Act 2000 as it is prohibited by S23 of the CRCA 2005.
27
Q

Tell me about the DPA 2018?

A
  • Controls how your personal information is used by organisations, businesses or the government
  • Everyone responsible for using personal data has to follow strict rules called ‘Data Protection Principles’ also known as PACKAP
  • Consumer rights (ACCEP)
28
Q

How long do you keep information for and how is it disposed of?

A
  • Kept for a minimum of 6 years
  • VOA has a team who deals with erasure and data disposal
29
Q

What regulation covers sharing data?

A

Commissioners for Revenue and Customs Act 2005 (CRCA)

30
Q

What are the benefits of cloud based systems?

A
  • Information is backed up by encrypted servers
  • Accessibility can be managed via online settings
  • Cheaper than physically storing and managing files
  • More convenient to send and share files
  • Environmentally friendly
  • Multiple users can access the same document at the same time
31
Q

What is a non-disclosure agreement?

A
  • Used to protect against the disclosure or sharing of any confidential data
  • Prior to information being shared, clients will typically request that the recipient signs up to an NDA
  • Often used to prevent confidential or sensitive property information being used or talked about by competitors
32
Q

If two departments within your firm were working for rival companies, how would you ensure sensitive data is managed?

A
  • Make the client aware of risks
  • Conflict of interest protocol
  • Informed consent
  • Keep staff exclusively in one team
  • NDAs
  • Separate working locations
  • Use secure document systems with access restrictions
33
Q

Who are the key persons outlined within GDPR?

A

Controller = person that determines the purpose and means of processing personal data e.g. employer

Processor = person that processes personal data on behalf of the controller e.g. call centres acting on behalf of its client

Data Protection Officer = leadership role required by EU GDPR - responsible for overseeing data protection approach study and implementation

34
Q

What should companies put in place to ensure GDPR compliance?

A
  • Raise awareness across the business
  • Audit personal data
  • Review procedures supporting individual rights
  • Identify and document the legal basis for processing personal data under GDPR
  • Train staff and give them the information
35
Q

What personal and confidential information does your organisation hold?

A
  • Personal data relating to VOA employees
  • Emails containing sensitive or confidential information
  • Customer correspondence received in confidence
  • Customer records
  • Property information
  • Contractual information relating to past, present or future companies
36
Q

What is disclosure?

A
  • Sharing information with others
  • Before sharing information you must be sure you have the right to disclose it and the person requesting it has the right to receive it
37
Q

What two ways does the FOI Act provide the public with access to information held by public authorities?

A

1) Public authority obliged to publish certain information about their activities

2) Members of the public are entitled to request information from public authorities

38
Q

When would you disclose information about taxpayers/customers to third parties?

A

In line with the CRCA 2005:
- if essential to functions
- in line with legislation
- consent
- civil proceedings

e.g. law allows us to disclose rental information when dealing with a rating challenge and the appellant can request rental information proportionate to ours

39
Q

How do you deal with someone requesting to access their own personal information?

A
  • Deadline of 1 month to respond to the request
  • Forward to subject access request (SAR) inbox immediately
  • If part of an outstanding case, would consider if it can be dealt with more appropriately as business as usual under CRCA
  • Verbal request for property information cannot always be answered verbally - we may require verification of the person’s link to the property before deciding to disclose
40
Q

How would you deal with a FOI request?

A
  • Check the request is made in writing
  • Check it includes the requester’s name and address and clearly describes the information wanted
  • Forward request to FOI inbox team
41
Q

What are the 7 principles of the DPA?

A

Information held must be:

1) Secure
2) Fairly and lawfully processed for relevant purposes
3) Accurate and up-to-date
4) Not kept longer than necessary
5) Not given to 3rd parties
6) Disposed of securely
7) Processed in line with the data subject’s rights

42
Q

What are the 3 principles of GDPR and DPA 2018?

A
  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
43
Q

How do you comply with UK GDPR and DPA 2018 in your role?

A
  • I am aware of different types of information we hold
  • I complete the relevant training on understanding UK GDPR and DPA
  • I store data in the appropriate locations
  • I use appropriate document markings when storing and sharing information (Official-Sensitive)
  • I use secure information sharing such as Outlook rather than Teams
44
Q

What are the 7 principles of GDPR?

A

1) Lawfulness, fairness and transparency
2) Purpose limitation
3) Data minimisation
4) Accuracy
5) Storage limitation
6) Integrity and confidentiality
7) Accountability

45
Q

What are the 8 individual rights under GDPR?

A
  • To be informed
  • To access
  • To rectify
  • To restrict processing
  • Data portability
  • To object
  • To automated decision making and profiling
46
Q

What do the Privacy and Electronic Communications Regulations 2003 apply to?

A
  • UK’s implementation of the EU ePrivacy Directive
  • Set of rules that protect the private rights of customers for marketing
  • A complement to the DPA and UK GDPR
  • Specific rules on marketing calls, emails, texts and faxes; cookies; customer privacy; keeping communication services secure
47
Q

What is copyright?

A

It is the exclusive and assignable legal right given to the originator for a fixed number of years to print, publish, perform, film or record literary, artistic or musical material

48
Q

What is Intellectual Property (IP)?

A

It is intangible property that is the result of creativity, such as patents, copyrights etc.

49
Q

Can Intellectual Property (IP) be transferred?

A

Yes

  • Through written agreement such as a contract or assignment
  • It should clearly state the details of the transfer including specific IP rights being transferred, parties involved and conditions/limitations
50
Q

What is the Limitation Act 1980?

A

It is a section of UK law that sets out rules for how long someone can take legal action to recover money they are owed.

It only applies when no contact has been made between the creditor and debtor within the given time limit and only applies to residents of England and Wales.

51
Q

Tell me about the retention of files under the Limitation Act 1980?

A

Files kept for 6 years:
- personal injury
- crime
- debt collection
- county court litigation
- immigration

Files kept for 15 years:
- sales of leasehold properties
- residential property purchases
- property sales
- probate
- financial services

Files kept for longer than 15 years:
- name change
- wills
- pension schemes
- IP
- company formation

52
Q

What is the difference between a deed and a registered title?

A

Deed = The physical document that proves ownership

Title = Concept of legal ownership that the deed grants

53
Q

What are the differences between manual and electronic records?

A
  • Paper documents are difficult to search/carry/copy and modify
  • Paper documents are easily damaged, misfiled or misplaced
  • Electronic documents are delivered by networks, disks, flash memory and CD/DVD and stored on a file system
  • Electronic documents can be hacked externally
  • Multiple users review electronic documents simultaneously
54
Q

What is an index map?

A
  • A type of finding aid that enables users to find a set of maps covering their regions of interest along with the name or number of the relevant map sheet
  • Provides geospatial data on either paper or computer screen
55
Q

How can you protect data from viruses?

A
  • Keep systems, browsers and important apps up to date
  • Antivirus software
  • Anti-spy software
  • Firewalls
  • Strong passwords
  • Be wary of phishing and suspicious emails
  • Use a secure wifi connection (VPN)
56
Q

What does blockchain mean?

A

A system in which a record of transactions, especially those made in a cryptocurrency, is maintained across computers that are linked in a peer-to-peer network

57
Q

What is BIM?

A

Building Information Modelling

  • Workflow process
  • Based around models used for the planning, design, construction and management of building and infrastructure projects
58
Q

What is an AVM?

A

Automated Valuation Model

RICS definition: “using one or more mathematical techniques to provide an estimate of value of a specified property at a specified date, accompanied by a measure of confidence in the result, without human interaction post-initiation”

59
Q

Explain the growing use of AVMs in the industry

A
  • They are increasingly being used as an input to the valuation process or as a second opinion
  • Examples of funds being valued using an internal AVM, with a human valuer reviewing and providing assurance in their roles as an external, independent valuer e.g. Rightmove or Hometrack (used by Zoopla)
60
Q

What is ISO 9001?

A
  • It sets out the requirements on how firms should control data and documents relevant to the service they provide
  • Sets out requirements for a company’s Quality Management System (QMS) which is about the management of the entire enterprise and its operational processes
61
Q

What does ISO 27001 relate to?

A

International standards for information security

  • It sets out the specification for an effective ISMS (Information Security Management System)
  • Helps organisations manage their information security by addressing people, processes and technology
62
Q

What is the Civil Evidence Act 1995?

A

It is an Act to provide for the admissibility of hearsay evidence, the proof of certain documentary evidence and the admissibility and proof of official actuarial tables in civil proceedings; and for connected purposes

63
Q

Are electronic signatures accepted by the Land Registry?

A

Yes

  • Under English law a deed can be validly signed and witnessed using an electronic signature platform e.g. Docusign e-signature
64
Q

What type of documents can electronic signatures be used for?

A
  • Legal documents
  • Contractual agreements
  • Invoices
  • Financing documents
65
Q

What is data redundancy?

A
  • When the same piece of data exists in multiple places whereas data inconsistency is when the same data exists in different formats in multiple tables
  • Data redundancy can cause data inconsistency which can provide a company with unreliable/meaningless info
66
Q

What is Vlookup used for?

A
  • It is a built-in Excel function used to search for a value in the first column of a table range and return a corresponding value from another column in the same row
  • It means “vertical lookup”
  • Commonly used for data retrieval and analysis tasks
67
Q

What is a pivot table?

A
  • It is an interactive way to quickly summarise large amounts of data
  • Used to analyse numerical data in detail
  • Used to query large amounts of data in many user-friendly ways
68
Q

What is a Business Management System?

A
  • A set of tools for strategic planning and tactical implementation of policies, practices, guidelines, processes and procedures that are used in the development, deployment and execution of business plans and strategies and all associated management