Data Management (Good Questions) Flashcards
What are some examples of Data security technologies?
- Disk Encryption
- Regular backups off site
- Password protection
- Anti-virus software
- Firewalls
- Disaster recovery procedures
What is your understanding of copyright?
- Set of exclusive rights granted to the author or creator of original work.
- Rights can be assigned, licensed or transferred
- Form of intellectual property
What should you do if you include any copyrighted information in your work?
Acknowledge author / copyright
What is Crown Copyright?
- Refers to all material created and prepared by the government.
- Includes laws, public records, official press releases and OS Mapping
What does GDPR stand for?
- General Data Protection Regulation
What is your understanding of the Data Protection Act 2018?
- Aims to create a single data protection regime affecting business
- Aims to empower individuals to take control of how their data is used by third parties.
- Gives people rights to be informed about how their personal information is used.
Key requirements include:
- Obligation to conduct data protection impact assessments for high risk holding of data.
- Rights for individuals to access information on what data is held and to have it deleted.
- Data controller decides how and why personal data is processed. Directly responsible for GDPR.
- New principle of “data accountability” - organisations must be able to prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations.
- Data Security Breaches need to be reported to the ICO within 72 hours if there is a loss of personal data and a risk of harm to individuals.
Key Principles include:
Article 5(1) - Principles relating to the storage of personal data.
States that data must be:
1. Processed lawfully, fairly and transparently.
2. Collected for specific, legitimate, explicit purposes.
3. Adequate, relevant and limited to what is necessary for their purposes.
4. Accurate, kept up to date. If inaccurate, to be erased or rectified without delay.
5. Kept in a form allowing identification for no longer than necessary.
6. Ensure appropriate security against loss / destruction / unauthorised access.
Article 5(2) requires the controller to be responsible for, and be able to demonstrate, compliance with the principles.
What are the 8 individual rights under UK GDPR?
RIGHT:
1. To be INFORMED
2. of ACCESS
3. to RECTIFICATION
4. to ERASURE
5. to RESTRICT PROCESSING
6. to DATA PORTABILITY
7. to OBJECT
8. to AUTOMATED DECISION MAKING AND PROFILING
(I ADORERR)
Who polices data regulation? What fines can be applied?
- Policed by the Information Commissioner’s Office (ICO)
- Fines up to the greater of 4% of global turnover or £17.5 million.
What is your understanding of the Freedom of Information Act 2000?
FOI Act 2000 gives individuals the right of access to information held by public bodies
- Public body must inform individual requesting FOI whether it holds it.
- Normally required to supply information within 20 working days and in format requested.
- Can charge for provision of information.
Exemptions to FOI are allowed for a variety of reasons:
1. Contrary to GDPR requirements.
2. Would prejudice criminal matters.
3. Against organisation’s commercial interest.
What is your understanding of Non-disclosure agreements (NDAs)?
- Legally enforceable contract between two parties relating to sensitive information.
- Agreement creates a confidential relationship between the two parties.
- Party damaged by breach of NDA can take legal action to enforce agreement & seek damages.
Does the RICS have any guidance on Data Protection?
Not yet.
Proposed Professional Standard on Data Handling and Prevention of Cybercrime.
- Would cover best practice and mandatory obligations.
- Would address data capture / storage / sharing.
- Would mandate policies, practices and training for firms & members.
Can you name the recently introduced regulations set out to control how companies manage data they hold? Can you name the legislation this is supported by?
- UK General Data Protection Regulations
- Data Protection Act 2018
Can you name any of the 8 principles covered in the Data Protection Act 2018?
- Fair and lawful processing
- Specified and lawful purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than necessary
- Processed in line with your rights
- Held securely
- Not transferred to countries without adequate protection
Can you name any of the sources of data currently in use by the construction industry? What factor would you apply for a project from North East England to one in London?
- BCIS
- Location factor
How does your in-house system comply with GDPR?
- Information only collected for specific, legitimate purposes.
- Information is only relevant to purposes required.
- Information is kept up to date
- Information is held securely