Data Management L1-2 Flashcards
WHAT IS YOUR UNDERSTANDING OF THE TERM CONFIDENTIALITY?
Where information is provided that is subject to confidence and not shared without permission.
WHAT IS YOUR UNDERSTANDING OF THE TERM ‘META DATA’ AND WHY IS THIS IMPORTANT?
Meta Data is information about a specific piece of data.
E.g. when sharing a cost planning doc, the Meta Data associated is the author, file size, date the document was produced and keywords to describe the document.
Meta Data must be afforded the same level of confidential care as all other confidential data.
If we share a document or remove specific confidential components, we should ensure confidential Meta Data is not shared inadvertently.
WHAT IS YOUR UNDERSTANDING OF INTELLECTUAL PROPERTY AND COPYRIGHT?
The right to control the use and ownership of original works.
Work created by an employee generally belongs to their employer, unless copyrights are put in place.
Common within construction for a client to be granted licence for use and reproduction of copyright material, which should be clearly identified.
E.g. the right to use a particular design by a subcontractor who retains the original copyright.
WHAT IS THE FREEDOM OF INFORMATION ACT 2005?
Primary piece of UK legislation that controls the access to official information.
The act permits the public right of access to information held by public authorities, then published via the public authorities publication scheme.
The act covers all information, not just information since the act came into effect.
WHAT ARE THE BENEFITS OF A CLOUD-BASED SYSTEM?
- Information is backed up on encrypted servers
- Accessibility is managed by online servers
- Multiple users can save and access the same document, globally
- Environmentally friendly
- Often cheaper than storage necessary for physical copies, sorting and filing
- Convenient to store, save and share files via email, rather than mailing physical copies
- Documents and folders can be synchronised
WHAT IS THE MEANING OF A NON-DISCLOSURE AGREEMENT?
Used to protect against the disclosure or sharing of confidential data.
Prior to confidential data being shared with a recipient, clients may request the recipient signs an NDA.
Used when confidential, sensitive, innovative or intellectual information being shared to prevent it being used by competitors.
IF TWO SEPERATE DEPARTMENTS WITHIN YOUR FIRM WERE WORKING FOR TWO RIVAL COMPANIES, HOW WOULD YOU ENSURE CLIENT SENSITIVE DATA WAS MANAGED?
I would make the client aware of the Conflict of Interest and make them aware of the risks involved, and steps taken to safely manage their data:
- Ensure a letter of instruction was obtained from the client.
- Ensure exclusivity of staff is arranged, consideration to the use of non-disclosure agreements.
- Separate working locations physically and separate data storage to ensure exclusivity of teams.
WHAT IS THE DATA PROTECTION ACT 2018?
The Act replaces the previous 1998 legislation, manages how personal data is processed by organisations and the government.
It is the UK legislation for the implementation of the EU GDPR (General Data Protection Regulations).
WHAT ARE THE KEY PRINCIPLES OF THE DATA PROTECTION ACT 2018?
The act ensures that data is:
- Used lawfully, fairly and transparently
- Used adequately and limited to only the purpose it is intended
- Is retained for no longer than necessary
- Processed securely including the protection against unlawful use, loss or destruction
WHAT ARE A PERSON’S RIGHTS UNDER THE DATA PROTECTION ACT?
People have the right to:
- Be informed on how their data is being used
- Access their data
- Have incorrect information updated
- Have their data erased
- Stop or restrict the processing of their data
- The right of portability
- To object to the use of their data
WHO ARE THE KEY PERSONS OUTLINED WITHIN GDPR?
Controller:
- The natural person or legal entity who determines the processing and means of personal data, e.g. when processing an employee’s personal data, the employer is the Controller.
Processor:
- The natural person or legal entity that processes personal data on behalf of the Controller, e.g. a call centre acting on behalf of its client is the Processor.
DPO (Data Protection Officer):
- The leadership role required by EU GDPR (General Data Protection Regulations) exists when dealing with data of an EU citizen, responsible for overseeing the data protection approach, strategy and it’s implementation.
WHAT ARE THE 8 RIGHTS OF INDIVIDUALS UNDER GDPR (GENERAL DATA PROTECTION REGULATIONS)?
The right to:
- Be informed
- Have access
- Of rectification
- Of erasure
- Restrict processing
- Data portability
- Object
- Of automated decision making and profiling
- Diversity, Inclusion and Team Working
WHAT DIFFERENT SOURCES OF INFORMATION DO YOU USE IN YOUR DAY-TO-DAY SURVEYING?
- RICS Guidance Notes
- Contract documentation
- Cost plans
- Previous tenders & valuation data
- Industry journals
- Specialist sub-contractor information
HOW DO YOU MANAGE CONFIDENTIAL SOURCES OF INFORMATION TO COMPLY WITH LEGISLATION?
If an NDA has been signed, I ensure complete confidentiality and am not able to speak to a colleague who is not party to the project / data.
Use of lockable storage for hard copies, encrypted servers for electronic information.
Lock my computer when away from my desk and comply with my firms IT security policies, e.g. attend regular Cyber Awareness courses and regularly update my password.
If I am sharing information not in the public domain, I will request the authors written permission to do so.
HOW DO COMPANIES ENSURE COMPLIANCE WITH DATA PROTECTION GENERALLY?
Only retain data they need to perform for day-to-day operations.
If they retain someone’s data, they should ensure the person is aware and advised on how the information is being used.
Data is stored securely.
Upkeep the accuracy and relevance of the data, deleting unnecessary information if no longer needed.
