Data Management/Property Records Flashcards

1
Q

What else does the DPA 2018 cover (other than GDPR)?

A
  • The Data Protection Act is the UK’s implementation of GDPR.
  • The act is a complete data protection system as well as governing personal data covered by GDPR.
  • It contains the key principles of the new regulations. Although it keeps the principles of the DPA.
  • Penalties are more prescriptive and greater than the DPA 1998
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the changes resulting from GDPR?

A

Key requirements include:

  • An obligation to conduct data protection impact assessments for high risk holding of data
  • New rights for individuals to have access to information on what personal data is held and do have it erased.
  • A data controller decides how and why personal data is processed and is directly responsible for GDPR
  • A new principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations.
  • Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.
  • An increase in fines to up to 4% of global turnover of the company or 20 million euros (whichever us the greater).
  • Policed by the ICO
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the 8 Individual Rights under GDPR? (PREPAID O)

A
  1. Right to data portability
  2. Right to rectification
  3. Right to erasure
  4. Right to restrict processing
  5. Right of access
  6. Right to be informed
  7. Right to automated decision making and profiling (as undertaken by insurance companies).
  8. Right to object
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How did your organisation adapt to the introduction of GDPR?

A

Introduced a GDPR project team and new information governance function to ensure compliance with data protection legislation;

  • Implemented new data protection policies
  • delivered and continue to deliver new training to all staff on an annual basis
  • ran data protection campaigns to prepare staff for the changes
  • Introduced a new national data protection framework
  • Captured all existing processing activities
  • Established data protection impact assessments for all new processing activities
  • Served due diligence on all suppliers
  • Updated data protection clauses in new and existing contracts
  • Recruited a Data Protection Officer and established an Information Governance Group for accountability purposes to the DPO and Senior Information Risk Owner.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What relevance does FOI Act 2000 have to public bodies?

A
  • Gives individuals the right of access to information held by public bodies
  • The public body must tell any individual requesting sight of information whether it holds it
  • Normally public body has to supply it within 20 working days.
  • Exemptions are allowed for a variety of reasons including;
    > Contrary to GDPR requirements
    > It would prejudice a criminal matter under investigation
    > It would prejudice a person’s/organisation’s commercial interest.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Give me an example of a property information tool.

A

Land registry, CoStar, Rightmove, Zoopla

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Tell me about how you extract data from a source regularly used in your role.

A

I am often required to extract data from Costar, Rightmove or the public sector website E-pims. As part of a relocation strategy in Westminster I refresh the Epims search from properties within 1 mile every two weeks and extract information such as address, size, use class and condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the limitations of primary/secondary data sources?

A
  • Primary data more likely to be subject to human error

- Secondary data, likely to be outdated before you get it therefore, requires validation before reliance on it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How do charges/restriction/covenants and easements differ?

A

Charges - Section C of title register (mortgages and other financial charges, appear in the order they were originally registered).

Restriction (on title) Section (B) - prevents the owner of the property from registering a disposal at the land registry without complying with the terms of the restriction (often used to protect overage and clawback provisions).

Covenant (negative/restrictive) Section (C) - Rules preventing certain things from being done on the land (such as keeping animals or using for business purposes).

Positive covenant Section (C) - obligation to do something, such as contribute to a maintenance fund or maintain a wall.

Easement - Right to cross or otherwise use someone else’s land for a specified purpose - found on title register.
- May also be apparent from seeing someone walking/trodden down grass.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the principle of estoppel?

A

If a breach has continued for a long enough period without any objection being raised it may have been treated as being abandoned under the principle of estoppel. 20 years now considered acceptable following Hepworth V Pickles (1900) - 24 years in that case.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What’s the difference between a positive and negative easement?

A

Positive easement - permits the owner of the dominant land to carry out an act on the land belonging to the servient owner. E.g. right to walk over a footpath, discharge water into watercourse, or run cables and pipes across the servient owners land.

Negative easement - benefits the dominant land by restricting the actions of the servient landowner. An example of a negative easement would be having a right to light or a right to air.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which covenant runs with the land (positive or restrictive/negative)?

A

Restrictive/negative

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How do you validate information?

A

Legal documents, agents, colleagues (if we have an interest), public records.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the difference between a deed and registered title?

A

Title - is the legal way of saying you own a right to something. For real estate purposes title refers to the ownership of the property, meaning you have the rights to use that property. (Goal scorer)

Deeds - are the legal documents that transfer to title from one person to another. (Assist).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Give me an example of when you have applied password protection/user controlled access.

A

When sending DCNs as this contains a lot of confidential information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What information can be found on a title register?

A
  • Owner
  • Address of the owner
  • Tenure
  • Price paid (if after April 2002)
  • Boundaries (on title plan)
  • Right of ways
  • Restrictions
  • Covenants on the land noted on the register
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is title indemnity insurance?

A

Title indemnity insurance protects a party for any claim arising from the title of a property to cover such matters as title defects, restrictive covenants and easements - it is a one of premium.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a TR1?

A

Land registry TR1 form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What information is contained on a TR1?

A
  • Title number
  • Property
  • Date
  • Transferor
  • Transferee
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What impact did method of sale have on your results for your internal sales tracker?

A
  1. Informal tender
  2. Auction
  3. Private treaty
    (No formal tenders)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

How does NHS PS ensure the security on confidential/sensitive information?

A

Defence in depth strategy - multiple layers of security controls, if one fails the next kicks in.

  • Web proxy/filters
  • Antivirus solution for all company devices
  • Email filtering (blocks malicious emails and attachments/links)
  • Firewalls - inspect internet traffic and block malicious network pack
  • Vulnerability management tools - identify vulnerabilities in software/operating system so they can be patched.
  • Advanced threat detection tools - identify advanced persistent threats.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Talk me through your development of the sales tracker.

A
  1. Analysed available sources of information to decide what to include within the tracker
  2. Began compiling sales evidence
  3. Verified sales evidence with Transaction Manager/Land registry lease/registers and TR1’s
  4. Added the information to my tracker
  5. Analysed the information
  6. Provided reports for each zone analysing the impact of method of sale on achieving sales receipts in excess of the market valuation.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How did you ensure accurate data of the sales tracker was recorded?

A
  • Verified sales evidence with the transaction manager/Land registry lease/registers and TR1s
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How was your sales tracker used to provide advice?

A

I didn’t provide advice in this example.

I analysed the impact the method of sale ahs on achieving sales receipts in excess of the valuation. I was aware that informal tender was often used for high value sites and so had the largest difference between valuation and sales receipt.

To mitigate this I also produced reports for properties which sold for £500,000k or less £250k or less and £100k or less.

Informal tender achieved the highest margin in all individual reports. I would have advised that if high levels of interest anticipated informal tender should always be considered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How was your data for the tracker shared with the transactions team? How did you ensure security.

A

It was password protected and stored within the transactions folder which only the internal team members had access too.

The file was password protected and the folder was also password protected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Talk me through your use of DCNs

A
  1. Change in circumstance at a property/error identified on Horizon
  2. Download DCN template
  3. Begin compiling the necessary information, including reference numbers, rental figures, lease terms from lease/land registry etc.
  4. Password protect
  5. Send to data support manager to make amendments
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

How do you ensure the information within a DCN is accurate?

A

I verify the information where I can with the Land Registry/Property Manager/Transaction Manager/Aconex.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

How do you use Horizon effectively?

A

I ensure that I am able to extract the information I require and verify this wherever possible. If an error is identified, after confirming information I will send a separate DCN to rectify.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Talk me through your mapping project.

A
  1. Instructed data sharing agreement
  2. Waited to receive signed copy back
  3. Collated and verified information to give to mapping consultant
  4. Address, building sizes, tenure, book value, end dates/breaks (from Horizon).
  5. Cross checked information with power BI (separate data base).
  6. Compiled information before it was send and verified it with each property manager.
  7. Received client’s data (held securely) - password protected file and folder.
  8. Sent data to consultant (password protected).
  9. Made suggestions for the functionality
  10. Written reports highlighting exact adjacencies (health centre within 0.2 miles of X property you own).
  11. Separate report highlighting potential redevelopment opportunities, after considering lease terms etc.
  12. Client was unsure how to ensure the data was kept secure. I advised that if reports are shared from the mapping software these should be encrypted. I advised that Virtru offer a good 256 bit (AES - Advanced Encryption Standard) end to end encryption service.
  13. I also advised that user controlled access and password protection would be the best was to ensure security of the mapping software itself.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

How did your mapping project this highlight adjacencies and joint redevelopment opportunities?

A

The mapping system was able to compile all properties within say 0.5 miles of the subject property. From there it was possible to consider joint redevelopment opportunities.

After highlighting adjacencies it would then be down to the user to consider, titles, heights, planning policy to advise if there was potential for redevelopment.

31
Q

How did your data sharing agreement work?

A

The data sharing agreement has a number of clauses which would protect the confidentiality of the data shared with the consultant. It was drafted by the legal team and included obligation such as;

Confidentiality obligations – keep the confidential information secret and confidential

Permitted disclosure – Only to their representatives provided they inform them of the confidential nature and keeps a written record of those representatives.

32
Q

What decisions did you make on functionality of the mapping project?

A

I ensured there was the ability to select a particular property and find all properties within the two estates that were say, within 1 mile.

Similarly you could drill down into all properties that were within say, 0.5 miles of each other as a list.

I also ensured the lease terms/tenure/break/rent when you clicked on a property.

33
Q

What reasoned advice to you provide your client? (find if there’s better answers anywhere)

A
  • I advised where adjacencies lied and that these opportunities should be explored further and I subsequently would instruct our internal planning team to carry out planning reviews to progress an opportunity.
  • I also advised the best way of keeping data secure was user controlled access as well as encrypting any reports which are shared with minimum 128 bit encryption.
34
Q

How did you ensure compliance with your data sharing agreement?

A

I requested proof of how the data was being stored, including a list of their representatives as per the data sharing agreement.

35
Q

Talk me through your template for portfolio optimisation.

A
  1. Identified need to highlight void space at a commissioning (CCG level).
  2. Created a template which is able to extract information from Horizon.
  3. Template was then used to highlight high levels of void space by CCG and property level.
  4. This was used as the basis of discussion for strategic reviews with the CCGs
  5. After further engagement with the clients I was able to identify strategy (long term hold/short term etc).
  6. I was then able to advise where there are potential optimisation/disposal opportunities after analysis of void space/strategy lease events etc.
36
Q

What information was inputted into your optimisation templates?

A
  • Occupancy data (aconex would produce occupancies for each building where I could then extract the utilisation to be included
  • Floor areas
  • Site areas
  • Occupiers
  • Debt
  • Planned maintenance
  • Lease break/end
37
Q

How were your templates used to provide SREC advice?

A

Strategic review workshops were organised wit the client to run through the properties which they occupied. From here, they which buildings services might be being commissioned or decommissioned. If for example, a property was 40% vacant (evident from my tracker), and we were informed that the current occupier in there’s service was being decommissioned. This would then be flagged as a potential disposal opportunity (pending declaration the building is not needed for other healthcare services).

  • I advised that should this data need to be shared with their colleagues, that it should be done so using an encryption service. I advised that Vitru offered a good end to end 256 AES encryption service.
38
Q

Are you aware of any forthcoming RICS materials on this subject?

A

Yes RICS draft professional statement - Data handling and prevention of cybercrime (consultation ended October 28th 2019).

25 mandatory principles for firms and members;

Including;

  • Risk assessment annually
  • Define, maintain and adhere to a data retention policy
  • Ensure purpose for which the data is being kept is recorded
  • Must use passwords to control access to computers and mobile phone/devices for work purposes.
  • Online data must be protected by firewall at all times.
  • Members must adhere to employer policies
  • Members must report concerns about appropriate controls on data handling to senior staff members.
  • Firms must use data encryption when handling sensitive data (minimum 128 bit).
39
Q

What other measures can you use to ensure the protection of data

A
  • TLS (Transport Layer Security)
  • SSL (Secure sockets layer)
    > Both cryptic protocols designed to provide communications security over computer networks This ensures the connection is secure because symmetric cryptography is used to encrypt the data transmitted.
  • IPsec (Network Level) - cryptographic security to protect communications over IP networks. Supports peer to peer authentication.
  • Implement two-factor authentication where access to client data and personal data is deemed a significant security risk.
  • The use of VPNs for homeworking rather than storing data on personal devices
40
Q

How does network encryption work?

A
  1. User initiates the connection by contacting server
  2. Server sends public key
  3. Negotiate parameters and open secure channel
  4. User login to server host operating system
41
Q

What does the Privacy and Electronic Communications Regulations 2003 apply to? When was it updated?

A

This guide is for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.

  • Updated 2018 and came into effect January 9th 2019
42
Q

What does the Privacy and Electronic Communications Regulations 2003 restrict? What are the penalties?

A
  • Restricts unsolicited marketing (solicitated meaning requested)
  • Require consent to send marketing material to a customer
  • Restricts use of cookies
     - Tell people the cookies are there
     - Explain what the cookies are doing and why
     - Get the person’s consent to store a cookie on their device
  • Penalties can include criminal prosecution and fines of up to £500,000
43
Q

What is copyright?

A

Copyright is the exclusive right given to the creator of a creative work to reproduce the work, usually for a limited time

44
Q

Can it be transferred?

A

Yes. However, no transfers of a copyright owner’s exclusive rights are valid unless the transfer is documented in writing

45
Q

What is an easement?

A

A right to cross or otherwise use someone else’s land for a specified purpose.

46
Q

How do you source title information?

A

From the Land Registry via our in-house legal team.

47
Q

What is an index map?

A

The index map contains information on all land and property that’s registered or being registered with HM Land Registry – establish whether land is registered/unregistered and reveals title number.

48
Q

What does encryption mean?

A

The process of converting information or data into a code, especially to prevent unauthorised access.

49
Q

What is a firewall?

A

A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a computer network (prevents unauthorised access)

50
Q

How can you protect electronic data from viruses?

A

Anti-virus solution – NHS PS require this for all client and server devices;

51
Q

What is blockchain?

A

Blockchain is a type of distributed ledger for maintaining a permanent and tamper-proof record of transactional data

52
Q

Which records are manually kept in your office? Why?

A

Some employee records but no others. I believe because these haven’t been transferred to electronic records yet.

53
Q

Tell me about an electronic information system you have used.

A

The public sector asset management information system – epims. I am regularly required to extract information from Epims, such as use class, size, price, tenure – and report back to my team for the relocation strategy in Westminster.

54
Q

How do you ensure electronic/manual information is kept safely?

A

I always ensure documents are password protected, and if necessary password protect the folder as well.

  • Encrypt data - Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it.
55
Q

Tell me about a property information system you have used in your role?

A

E-pims – the public sector surplus assets portal. This is useful as many public bodies list their property on here before going to the open market. Therefore there’s opportunity to acquire assets before they go on the market.

56
Q

What are some disadvantages of Epims?

A
  • data is often not updated.
  • People often don’t remove listings
  • Data is often incorrect
  • Increased importance on verification
57
Q

Tell me about a complex report you have written?

A
  • I wrote reports after the mapping system had been produced. The report largely factual about where exact adjacencies between the two estates lied.
  • I advised on how best to keep the data secure, for example user controlled access to the mapping software itself.
  • I also advised that the sharing of any data should be encrypted within minimum 128 bit or above encryption. If they were not familiar I advised that Vitru offered a good end-to-end encryption service.
58
Q

What information can be contained on a title register?

A

From the Title Register you can find out:
• who owns the property or land
• the address of the owner
• the tenure
• price paid/value stated information if sold since April 2002
• the boundaries
• any rights of way or restrictions & covenants on the land noted on the register
What’s the difference between registered title and a deed?

59
Q

What is a TR1?

A

A Land Registry TR1 Form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties

60
Q

What information can be found on a TR1?

A

1) Title number
2) Property
3) Date
4) Transferor
5) Transferee

61
Q

What impact to sale method have on the results?

A

Informal tender was the method which saw the largest excess in terms of the market valuation and the final sales receipt.

62
Q

Why do you think this might be? (sale method informal tender)

A

Generally we have utilised informal tender for our largest transactions, naturally there will be a bigger variation in the market value for these properties and sales receipt.

63
Q

How was your data shared with the wider transactions team?

A

It was password protected and stored within the transactions folder which only internal team members has access to.

64
Q

What did you do to ensure security (sales tracker)?

A

The file was password protected but also the folder was password protected

If shared via email I would ensure the data is encrypted with minimum 128 bit

65
Q

How does NHS PS ensure the accuracy of Horizon?

A

Cross references with our other system, Aconex. Property managers are also encouraged to verify information in person where possible.

66
Q

How do you ensure accuracy for the information you send to inform a DCN?

A

I cross check this with the lease and our other software, Aconex.

67
Q

How did you use the information to inform your advice on disposal/optimisation opportunities?

A

The template would highlight where for example there were high levels of void, I could then discuss this with the CCG (client) to understand whether they considered the property a long-term hold. If they did then there was an optimisation opportunity (consider co-locating services etc.). If it wasn’t then could be seen a disposal opp.

68
Q

What was the outcome? (SREC advice)

A

The strategy at a number of sites is now being considered from both an optimisation and disposal enabling point of view.

69
Q

What is BIM?

A

Building Information Modeling (BIM) is an intelligent 3D model-based process that gives architecture, engineering, and construction (AEC) professionals the insight and tools to more efficiently plan, design, construct, and manage buildings and infrastructure.

70
Q

What are some further principles for GDPR under Article 5 (1)

A

Principles relating to the storage of personal data that states that data must;

  • Processed lawfully, fairly and in a transparent manner in relation to individuals
  • Collected for a specified purpose
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Processed in a manner that ensures proper security
71
Q

What does Article 5 (2) state?

A
  • Requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles”
72
Q

How did your data-sharing agreement differ from an NDA?

A

It was a confidentiality agreement.
A non-disclosure agreement implies you must not disclose personal or private information.

A confidentiality agreement ensures you are more proactive in making sure information is kept secret.

73
Q

What would happen if they had breached the terms of your data sharing agreement?

A
  • By signing it the receiving party acknowledges that damages alone would not be an adequate remedy for any breach of the terms.
  • Disclosing party shall be entitled to seek remedies of injunctions, specific performance or other equitable relief for any threatened or actual breach of the agreement.
  • Receiving party also indemnified us against all costs, actions claims, demands, liabilities, damages or losses arising in connection with a breach of obligations.