Data Management COPY COPY Flashcards

1
Q

what are the GDPR consumer rights

A
A - Access
C – Consent
C - Correction
E – Erasure
P – Data Portability
ACCEP
(Accep your rights)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what regulation governs laws on data protection and privacy

A

UK General data protection regulation 2020

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Article 5 of GDPR requires that personal data should be what? Name at least 3

A
  • Processed lawfully, fairly in a transparent manner (PLT)
  • Adequate, relevant, and limited to what is necessary
  • Collected for specified explicit and legitimate purposes
  • Kept in a form that permits identification of data for no longer than is necessary
  • Accurate and kept up to date, where necessary
  • Processed in a manner that ensures appropriate security of personal data.

PACKAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the maximum GDPR fine set by UK GDPR and DPA 2018

A

17.5 Million or 4% of annual global turnover (whichever is highest).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Data offences can be punished by what? Name two (excluding fines).

A
  • Warnings
  • Temporary or permanent ban on data processing
  • Restriction or erasure of data
  • Suspend data transfers to third party countries.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what is DPA 2018?

A

Data Protection Act 2018

  • UK’s implementation of GDPR
  • Replaced the DPA 1998
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Are you aware of the Freedom of Information Act 2000?

A

Yes it provides the public access to information held by public authorities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

how do FOI Act 2000 requests work?

A
  • Must be in writing

- Information must not be exempt e.g. personal data or national security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What security measures can you use to protect data? Name at least 3

A
  • Password protection
  • Security markings
  • Physically locking storage units
  • Encryption firewalls
  • Two factor authentication
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

what best practices would you encourage in terms of managing data? Give at least 3

A
  • Cross reference computer with hard copy
  • Back up IT systems
  • Write once, read many times
  • Keep an audit trail
  • Ensure electronic signature cannot be altered. (send PDF’s not word)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

you refer to a valuation of serviced offices in Malvern Hills as part of REVAL 2021, how did you use the data collected to advise the senior management of your view?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

tell me what you know about GDPR

A

General Data Protection Regulation

Following Brexit there is now a UK version called UK GDPR 2020
Set out the main responsibilities for organisations using, storing and handling personal data.

Article 5 sets out the consumer rights which includes the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.

Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How does Freedom of information work and how can it be used?

A

Individual can request information held by public bodies such as minutes from a board meeting

Request must be made in writing

Public body must supply in 20 working days and can charge for this service
Information must not be exempt e.g. personal data or national security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

what is the latest change in data protection regulation?

A

DPA act
2020 GDPR
New professional statement on Data handling in consultation at the moment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How does GDPR affect your firm?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

what is the definition of personal data?

A

Personal data are any information which are related to an identified or identifiable person.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

what is encryption/firewalls/blockchain?

A

Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.

A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.

A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

describe a time you have used and managed data to communicate some complex, reasoned advice?

A

Reval, Office Malvern Hills

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

give me an example of how you process and handle confidential information

A

IHT case:

  • Don’t print what I don’t need to
  • Ensure appropriate saving with correct name conventions
  • Don’t leave computer unlocked and unattended
20
Q

tell me about how you extract data from a source regularly used in your role

A

Internal database – CDB for rental information
Set parameters for data to refine prior to download
Use filters on excel to refine the data to what I need

21
Q

what is an electronic document management system (EDMS)?

A

software package designed to manage electronic information and records within an organisation’s workflow.

Using various technologies, an EDMS allows a user to manage the creation, storage, and control of records while allowing other to access and edit documents.

22
Q

What type of documents can electronic signatures be used for?

A

Electronic signatures can be used to replace handwritten signatures in virtually every personal or business process. Examples include contracts, application forms and nondisclosure agreements

23
Q

Give me an example of how you ensure that data is kept securely.

A

Permission levels on edrm, restricts who can access the data, preventing conflict of interest in terms of accessing information. E.g someone in rating accessing plans and data collected for a different purpose.

Back up work / systems where necessary

When saving data within Electronic data recording system I ensure it is appropriately labelled as Official-sensitive information. To show others that care must be taken.

24
Q

how do you validate information

A

Cross check with another source
Call to get further information / confirm details
Adopt a common sense approach

25
Q

what are the strengths and limitations of primary/secondary data sources

A

Primary

Pro’s:
Specific to the needs
Greater control (type of data, design, method)
More up to date
May be more accurate

Cons:
Expensive (may make it more difficult)
Time consuming

Secondary

Pro’s:
Easily accessible
Affordable
Less time consummate g

Cons:
May lack reliability
May be outdated
May have to deal with irrelevant data before finding suitable data

26
Q

You shared rental evidence with an agent for rating purposes, did you have permission to share that information?

A

Yes - The Valuation Office Agency (VOA), as an executive agency of HMRC, is subject to the Commissioners for Revenue and Customs Act 2005 (CRCA) which covers: the confidentiality of information held by the VOA and when it is lawful to disclose that information.

The VOA is not permitted to disclose information except in certain limited circumstances, including, for the purposes of its functions, where there is a legislative gateway or with customer consent.

Sections 18 (2) and (3) of the Commissioners for Revenue and Customs Act (CRCA) 2005 allows sharing of data / information as long as it is reasonable and proportionate to do so.

The Billing Authority will treat all information supplied by the VOA as confidential even if the Information sharing agreement is terminated.

27
Q

How did you store the data collected for house in Kenilworth?

A

Electronically using word and excel

Uploaded my inspection notes and photographs to EDRM system with access restrictions and appropriate name and labelling.

28
Q

How do you ensure data is kept secure?

A

Main two points:
Keep it safe from corruption
Control access to data

I do this by:
Password protection
Not leaving computer or files unattended
Access restriction on EDRM
Computer system with regular back ups, encryption and anti-virus software
29
Q

Can other colleagues access information you are working on?

A

No if they are in a different team e.g. DVS then they will not be able to access information stored for rating purposes.

30
Q

Could conflicts arise from colleagues having access to certain information?

A

Yes it could occur if doing a DVS asset valuation and a rating colleague has access to this information. Could disadvantage the client as a result of accessing this data which was not requested for that purpose. Could go against GDPR, however CRCA act may justify it?

31
Q

Freedom of information act 2000 exemptions

A

Personal data
National security

Information held by the VOA for its functions that either directly identifies a person or enables their identity to be deduced from it, is exempt from disclosure under s44 of the
FoIA as it is prohibited by s23 of CRCA

32
Q

Tell me more about the data protection act 2018

A

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
used fairly, lawfully and transparently
used for specified, explicit purposes
used in a way that is adequate, relevant and limited to only what is necessary accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

be informed about how your data is being used
access personal data
have incorrect data updated
have data erased
stop or restrict the processing of your data
data portability (allowing you to get and reuse your data for different services)
object to how your data is processed in certain circumstances

33
Q

How long did you keep information for in the Kenilworth case and how is it disposed?

A

Kept for minimum of 6 years

At the VOA we have a team who deals with erasure and data disposal

34
Q

What regulation covers sharing data?

A

Commissioners for Revenue and Customs Act 2005

CRCA ACT

35
Q

benefits of cloud based systems

A
  • information is backed up by encrypted servers
  • accessibility can be manged via online settings
  • cheaper than physically storing and managing files
  • more convenient to send and share files online instead of mailing physical copies
  • cloud systems are environmentally friendly
  • multiple users can access the same document and work on it at the same time.
36
Q

meaning of a non disclosure agreement

A

Used to protect against the disclosure or sharing of any confidential data.

Prior to the information being shared, clients will typically request that the recipient signs up to an NDA.

Often used to prevent confidential or sensitive property information being used or talked about by competitors.

37
Q

if two departments withing your firm were working for two rival companies how would you ensure client sensitive data was managed?

A
Make client aware of risks
Conflict of interest protocol
Informed consent
Keep staff exclusively in one team
NDA’s
Separate working locations
Use secure document systems with access restrictions
38
Q

who are the key persons outlined within GDPR?

A

Controller – person that determines the purpose and means of processing personal data e.g. the employer.

Processor – person that processes personal data on behalf of the controller e.g., call centres acting on behalf of its client.

Data Protection Officer – leadership role required by EU GDPR. Responsible for overseeing the data protection approach strategy and implementation.

39
Q

what should companies put into place to ensure GDPR compliance?

A
  • Raise awareness across the business
  • Audit personal data
  • Review procedures supporting individual rights
  • Identify and document the legal basis for processing personal data under GDPR
  • Train staff and give them the information
40
Q

What personal and confidential information does the VO hold?

A

Personal data relating to VOA employees
Emails containing sensitive or confidential information
Customer correspondence received in confidence
Customer records
Property information
Contractual information relating to past, present or potential future companies

41
Q

define what disclosure means?

A

The sharing of information with others
Before sharing information you must be sure you have the right to disclose it and the person requestion it has the right to receive it.

42
Q

what does CRCA set the VO’s functions as?

A

Producing rating lists
Council tax valuation lists
Valuation of property

43
Q

what two ways does the freedom of information act provide the public with access to information held by public authorities?

A

Public authorities are obliged to publish certain information about their activities.

Members of the public are entitled to request information from public authorities.

44
Q

when would you disclose information about taxpayers (or their properties) or our customers to third parties?

A

In line with CRCA Act 2005:

  • If essential for one of our functions
  • In line with legislation or statutory gateway under LGFA
  • With consent of the taxpayer, customer or client
  • For civil proceedings such as valuation tribunal hearings

For example, the law allows us to disclose rental information when dealing with a rating challenge. The law also then allows an appellant to request additional rental information proportionate to the rental information we disclose.

45
Q

How would you deal with someone requestion to access their own personal information?

A

There is a deadline of one month to respond to a request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by emailing.

if the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

This is known as a Subject Access Request.

A verbal request for property information cannot always be answered verbally. We may require verification of the person’s link to the property before deciding whether we can disclose information.

46
Q

How would you deal with a freedom of information request?

A

Check the request is made in writing (email/letter)
Check it includes the requester’s name and address and clearly describe the information wanted.
Forward request to FOI inbox team