Data Management COPY Flashcards
What regulation governs laws on data protection and privacy?
UK General Data Protection Regulation 2020
What is the maximum GDPR fine set by UK GDPR and DPA 2018?
17.5 million or 4% of annual global turnover (whichever is highest)
Data offences can be punished by what?
- Warnings
- Temporary or permanent ban on data processing
- Restriction or erasure of data
- Suspend data transfers to 3rd party countries
What is the Data Protection Act 2018?
- UK’s implementation of GDPR
- Replaced the DPA 1998
- Controls how personal information is used by organisations, businesses or the government
- Designed to protect personally identifiable information
What is the Freedom of Information Act 2000?
- Gives individuals the right of access to information held by public bodies
- Public body must tell any individuals requesting sight of the information whether it holds that information
- Must be supplied within 20 working days in the format required
- Can be charged for the provision of the information
How do Freedom of Information Act 2000 requests work?
- Must be in writing
- Information must not be exempt
What security measures can you use to protect data?
- Password protection
- Security markings
- Physically locking storage units
- Encryption firewalls
- Two factor authentication
What best practices would you encourage in terms of managing data?
- Cross reference computer with hard copy
- Back up IT systems
- Write once, read many times
- Keep an audit trail
- Ensure electronic signature cannot be altered (send PDF not Word)
Tell me what you know about GDPR?
- Following Brexit, the UK GDPR 2020 was introduced.
- This set out the main responsibilities for organisations using, storing and handling personal data
- Article 5 sets out consumer rights
- Applies to the VOA - the right to correct is something we actively do in the Check stage in CCA and in the form of return where personal data is explicitly collected
What is personal data?
Any information which is related to an identified or identifiable person
What are encryption, firewalls and blockchain?
Encryption = Securing data by encoding it mathematically so it can only be read or destroyed by those with the correct key or cipher
Firewall = Network security device that monitors traffic to/from your network, it allows/blocks traffic based on a set of security rules
Blockchain = Digitally distributed, decentralised public ledger that exists across a network
How do you process and handle confidential information?
- Don’t print what I don’t need to
- Ensure appropriate saving with correct name conventions
- Don’t leave computer unlocked or unattended
How do you extract data from a source regularly used in your role?
- Internal database - CDB for rental and sale information
- Set parameters for data to refine prior to download
- Use filters on Excel to refine the data to what I need
What is an Electronic Document Management System (EDMS)?
- Software package designed to manage electronic information and records within an organisation’s workflow
- Allows a user to manage the creation, storage and control of records while allowing others to access and edit documents
What type of documents can electronic signatures be used for?
To replace handwritten signatures in virtually every personal or business process
e.g. contracts, application forms and non-disclosure agreements
How do you ensure that data is kept securely?
- Permission levels on EDRM and Sharepoint to restrict who can access data, preventing conflicts o interest in terms of accessing information
e.g. rating valuer accessing plans and data collected for a different purpose - Back up work/systems where necessary
- Ensure properly labelled as ‘Official - Sensitive’ info to show others that care must be taken
How do you validate information?
- Cross check with another source
- Call to get further information/confirm details
- Adopt a common sense approach
What are the pros and cons of primary data?
Pros
- Specific to needs
- Greater control
- More up-to-date
- May be more accurate
Cons
- Expensive (may make it more difficult)
- Time consuming
What are the pros and cons of secondary data?
Pros
- Easily accessible
- Affordable
- Less time consuming
Cons
- May lack reliability
- May be outdated
- May have to deal with irrelevant data before finding suitable data
You shared rental evidence with an agent for rating purposes. did you have permission to share that information?
- Yes, the VOA is subject to the Commissioners for Revenue and Customs Act 2005
- This covers the confidentiality of information held by the VOA and when its lawful to disclose that information
- VOA cannot disclose information except in limited circumstances including legislative gateways/consent
- Section 18(2) and (3) allows sharing of data so long as it is reasonable and proportionate to do so
- BA treats information from VOA as confidential even if the information sharing agreement is terminated
What is Section 18 of the CRCA 2005?
It sets out where information can be disclosed. Do not disclose this information unless:
- it is essential for one of our functions
- it is allowed by specific legislation
- it is with consent of the customer
- it is in the course of civil proceedings
What is Section 7 of the CRCA 2005?
It sets out the VOA’s functions:
- compilation and maintenance of rating lists and council tax lists
- valuation of property
What is Section 10 of the CRCA 2005?
It allows the VOA to provide a valuation of property:
- for any purpose relating to its function
- at the request of a public authority
How did you store data collected on inspection?
- Electronically using Word and Excel
- Uploaded inspection notes and photographs to EDRM system with access restrictions and appropriate name and labelling
Can other colleagues access information you are working on?
Not if they are in a different team
e.g. DVS will not be able to access information stored for rating purposes
What are the exemptions in the Freedom of Information Act 2000?
- Personal data
- National security
- Information held by the VOA for its functions that either directly identifies a person or enables their identity to be deduced from it, is exempt from disclosure under S44 of the FOI Act 2000 as it is prohibited by S23 of the CRCA 2005.
Tell me about the DPA 2018?
- Controls how your personal information is used by organisations, businesses or the government
- Everyone responsible for using personal data has to follow strict rules called ‘Data Protection Principles’ also known as PACKAP
- Consumer rights (ACCEP)