Data management - Level 1 Flashcards
What do data security technologies include?
- Disk encryption – encrypting data on a secure hard disk drive
- Regular back ups off site
- Password protection and use of antivirus software protection
- Firewalls and disaster recovery procedures
What action in your office is undertaken to ensure the security of data?
- Password protected files
- Regular IT updates to help prevent files being damaged
- Cyber security and phishing training programmes to help prevent the loss or corruption of data
What does the UK General Data Protection and the Data Protection Act 2018 cover?
- UK GDPR is covered by the Data Protection Act 2018
- It aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties.
- It gives people rights to be informed about how their personal information is used.
What key requirements does it include?
- An obligation to conduct data protection impact assessments for high risk holding of data
- Rights for individuals to have access to information on what personal data is held
- A data controller decides how and why personal data is processed
- A data controller decides how and why personal data is processed
- Data accountability – ensuring that organisations can prove to the information commissioners (ICO) how they comply with the new regulations
- Data security breaches need to be reported to ICO within 72 hours where loss of data or hard to individuals
- Fines up to 4% of companies global turnover or £17.5mil
- Policed by ICO – Allsop must prove to ICO of data accountability and how they comply with new regs.
Principles of UK GDPR
- Article 5(1) Principles relating to the storage of personal data states that data must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Legitimate: Collected for specified, explicit and legitimate purpose
- Relevant: Adequate, relevant and limited to what is necessary
- Accurate: Kept up to date & if inaccurate erased immediately
- Time: kept no longer than necessary.
- Secure: held to ensure security against unlawful process & accidental loss, destruction or
- Article 5(2) ‘ the controller shall be responsible for and be able to demonstrate, compliance with the principles’
What are the 8 individual rights under GDPR?
- Right to be informed
- Right of access
- Right to rectify
- Right to erase
- Right to restrict processing
- Right to data portability
- Right to object
- Rights to automated decision making and profiling
What does the freedom of information act do?
Gives individuals the right of access to information held by public bodies
- The public body must tell any individual requesting sight of information whether it holds it
How can the security of data be improved?
- Security of electronic data can be improved using firewalls , encryption and passwords
What does the Proposed RICS Professional Standard on Data Handling and Prevention of Cyber on Data Handling and Prevention of Cybercrime set out?
- Data Handling and Prevention of Cybercrime Professional Standard is proposed covering best practice and mandatory obligations with which RICS professionals and regulated firms must comply
- It is proposed to address how surveyors capture, store and share data appropriately and securely and is likely to mandate policies, practices and training for all regulated firms and members.
Non Disclosure Agreement (NDA)
- This is a legally enforceable contract between two parties relating to sensitive information
- The agreement will create a confidential relationship between a person who has sensitive information and a person who has access to that information.
- The party that was harmed by the breach of the NDA can take legal action to enforce agreement and seek damages for any losses that were incurred.
What internal and external databases have you used to collect data?
I have used the likes of Costar and EIG to check for comparables. I have also used the Auction internal comparable database which contains all the information on lots. I know how to filter these searches appropriately so I can collect the relevant data
Why is it important to verify data?
It is important to carry out you due diligence and check that data is correct. An example of this would be calling up the agents to confirm information on comparable you have searched on Costar. The information needs to be correct as you may be advising your clients on this.
It is also important to verify and store data correctly as auditors are able to look at the evidence trail within your file.
Why should you lock your laptop away and what other resources would you lock away if left unsupervised?
Items that hold secure information are your responsibility and in order to prevent them being lost or damaged it is important to have the necessary protocols such as locking laptops and day books away if unattended.
