Data Management (Level 1) Flashcards
What is triangulation?
Process used to verify data through an alternative source
- Important when considering reliability of a source and risks
How have you ensured data is secured safely?
Regular backups undertaken off site
Disk encryption
Firewalls and disaster recovery procedures
Using anti-virus protection
Password protection
What is copyright?
Exclusive rights to work provided to the author or creator
- Rights can be assigned and transferred
- Essential to acknowledge any copyright in your own work
What is crown copyright?
Refers to material created and prepared by the government, such as laws, public records and OS mapping
What is Data Management?
The practice of collecting, storing and using data securely, efficiently and cost effectively
What is hard and soft data?
Hard - quantifiable
Soft - less measurable - e.g. opinions
What is an information barrier?
Physical or electronic barrier which prevents the transmission of information between individuals or firms
What is the Data Protection Act (2018)?
UK implementation of GDPR
What is the purpose of GDPR?
Harmonise data protection across the EU
Alter how personal data is managed and handled to ensure stricter regulation
How have consent conditions been strengthened under GDPR?
Consent must be given with the purpose of data processing attached to that consent
- It must be as easy to give consent as it is to reverse it
What is the role of the Data Protection Act 2018?
Controls how personal information is used by organisations, businesses and the government
- Also governs data protected by GDPR
Is there any RICS guidance on Data Management?
(Archived) RICS Guidance Note - Electronic Data Management
Why did the Data Protection Act come into force?
1999 - Respond to the rise of Data
2018 - incorporate new GDPR regulations
What are the key principles of GDPR / DPA?
Data must be
- Lawful, fair and transparent
- Collected for specified, legitimate and explicit purposes
- Adequate, relevant and limited to necessity
- Accurate and kept up to date
- Kept no longer than required
- Kept safe
What are the 8 individual rights under GDPR?
1) To be informed
2) To have access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling
Who does GDPR affect?
All companies that hold EU data
Who polices and regulates GDPR in the UK?
Information Commissioner's Office (ICO)
What are the penalties under GDPR and DPA?
Greater of 4% annual turnover or 20m euros
What should you do in the event of a GDPR breach?
Report to the ICO in 72 hours
What is the right to be forgotten?
Article 17
Individuals have the right to have personal files erased if:
- Data no longer required
- Data has been processed unlawfully
What is data portability?
Right for a data subject to receive personal info concerning them which they have provided and transmit data to another controller
What is privacy by design?
Legal GDPR requirement
- Requires data protection from onset of designing a system, rather than in addition
What is a data controller?
Decides how and why personal data is processed and is directly responsible for GDPR
What is a data processor?
Someone who processes data on behalf of and in accordance with a data controller instruction
What is a data subject?
Individual whom the data is about
What is a data protection officer?
Person responsible for compliance with data protection regulations - monitor and ensure internal compliance
What constitutes personal data?
Any information relating to a person that identifies that person
e.g. photo, name, email, bank details
What are examples of personal data under GDPR that relate to property companies?
Phone numbers
Email address
Registered address
What is the right to access?
Individuals have the right to obtain confirmation that their data is being processed - access to their personal data
What is a GDPR breach notification?
Duty under GDPR - must report breach in writing within 72 hours
If breach means an individual's rights or freedom may be impacted - must be reported straight away
How are breaches discovered?
Loss of equipment
Access logs
Theft
Serious data security incident
What are examples of data held by surveying firms that are covered under GDPR?
Emails
Other records
Customer info held for marketing
Data held to service client - e.g. bank details
Key requirements imposed by GDPR 2021 and Data Protection Act 2018?
- data protection risk assessment
- rights for individuals
- data controller responsible for GDPR
- provide information to ICO on compliance
- breaches reported to ICO within 72 hours
- fines of 4% global turnover or £17.5m
- policed by ICO
What is RICS guidance for GDPR compliance?
Conduct data reviews
Encrypt
Keep data anonymous
Understand data processes
What is APAM’s policy for data protection?
Comply with GDPR / DPA
- Report any breaches to data officer in 72 hours - or line manager
What is a privacy notice?
Document provided to individuals that explains how a company uses and holds data.
Identifies who the data controller and data protection officer are
Also should include:
- What information is held
- What information is used for
- Which 3rd parties may you share information with
- How long info is held
- What legal right a firm has
What is the Freedom of Information Act (2002)?
Gives individuals the right to request information held by public bodies
Public body must
- Confirm whether they hold the info
- Provide the info in 20 days of request
Can you provide an example of when you handle confidential information?
Data input forms - add, amend and remove data
Sending info to solicitors - use secure data room
Password and account for management systems
Protected excel workbooks
How do you protect data when transferring to a client?
Encryption and password protection
Recorded special delivery
Using secure network and software
When do you extract data in your role?
Using leases to fill out new lease forms
- Form filled out and sent securely to senior team member to sense check.
- Then sent to data team to securely upload to Propman
- Data then held securely using password protection
What management systems do you use?
Propman
Sharepoint
What is an ISO 9001?
Set out requirements for how firms should control data and documents relevant to the service they provide
What do you know about the retention of files under the Business Limitations Act 1980?
Legal Action must be brought within 6 years of issue arising
Businesses have a responsibility to hold records for 6 years after they expire
How do I ensure data is kept securely?
Restrict access via password protection
Firewalls - prevent hacking
Undertake training
Don’t share confidential info and anonymise
What makes a land register plan compliant?
Correct scale 1:100, 1:200 - noted on plan
Have scale measurement bar
Include a 1:1250 scale map of location
Full address
North point
Demise in red outline
What are deeds & Registered Titles?
Deed - physical document declaring a person's legal ownership
Registered title - ownership recorded with land registry electronically
What documents can be signed electronically?
Deeds - if witnessed
Contracts
How do I comply with APAM’s data protection policy?
Understand sensitive and protected data
Don’t share confidential data
Anonymise data
Report breaches
Why is it important to hold accurate information?
Effectively manage property
Ensure rent demands etc sent out timely and that information provided to clients is accurate
Comply with GDPR/DPA
What reports do you run?
Tenancy schedules
Arrears reports
Service Charge expenditure reports
Debtor payment histories
How do you ensure data held is accurate?
Data verification
Check against original documents
Error check data uploads with senior colleagues and data team
How are the management systems you use kept secure?
Encryption
Firewalls
Password protection
What are your KPIs for uploading data?
7 days from receipt
Data input tracker used to track when info received, uploaded by data team and relevant accounts work complete
Client kept informed throughout
How long can you hold data?
No limit - no longer than necessary
- As agreed with data subject
- Depends on several factors
- Is it a current project
- Do you need them to justify fees
- Required for litigation?
If a lease was assigned, how long should you hold the assignors info on your system?
Depends on the terms
- If an AGA in place - hold details until the end of the lease
- Same for privity of contract
- Could be argued that info can be held until arrears cleared
How can you upload/share data and how do you know it's allowed?
- Firm's privacy policy - dictates what info is held, how processed and how shared with 3rd parties
- Time it may be allowed - property sale
- Privacy notice issued to all tenants
What is the Land Registry and what are the limitations?
Government agency responsible for holding property data
- unregistered land
- title plans can be inaccurate
- outdated
What are the limitations of Co Star?
Not always up to date
Information is not guaranteed
Why do you undertake a data verification?
New portfolio - lots of data - to ensure it was accurate
Ensure data being held is necessary
Comply with GDPR
How was the new data kept secure?
Held on solicitor data room
- Encryption and firewall
- Password protected
- I was given username and password
Loaded in compliance with Workman processes to ensure safety
What info was held on the data site?
Leases
Title
Sc budgets and recs
H&S docs
How is info kept secure in our office?
Follow privacy policy
- understand what info is held and why
- understand who info can be shared with
- ensure protection - password / encryption
- IT implementations - Firewalls
What data can you collect from tenants and why under GDPR?
contractual, legal and legitimate reason to do so
inputted onto server by creating change note with tenant data
What is the Freedom of Information Act 2000?
right to access information from public bodies
supplied within 20 days
public body can charge for data
individual rights under UK GDPR
- right to be informed
- right to rectify
- right to erase
- right to restrict processing
- right to use data for own purposes
- right to object
exemptions for GDPR?
if it would prejudice a criminal matter under investigation
what information do you hold that is sensitive and confidential?
- tenant details
- client details
- fees
- excel models
- contracts