Data Management/Property Records COPY Flashcards
What else does the DPA 2018 cover (other than GDPR)?
- The Data Protection Act is the UK’s implementation of GDPR.
- The act is a complete data protection system as well as governing personal data covered by GDPR.
- It contains the key principles of the new regulations. Although it keeps the principles of the DPA.
- Penalties are more prescriptive and greater than the DPA 1998
What are the changes resulting from GDPR?
Key requirements include:
- An obligation to conduct data protection impact assessments for high risk holding of data
- New rights for individuals to have access to information on what personal data is held and do have it erased.
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- A new principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations.
- Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.
- An increase in fines to up to 4% of global turnover of the company or 20 million euros (whichever us the greater).
- Policed by the ICO
What are the 8 Individual Rights under GDPR? (PREPAID O)
- Right to data portability
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right of access
- Right to be informed
- Right to automated decision making and profiling (as undertaken by insurance companies).
- Right to object
How did your organisation adapt to the introduction of GDPR?
Introduced a GDPR project team and new information governance function to ensure compliance with data protection legislation;
- Implemented new data protection policies
- delivered and continue to deliver new training to all staff on an annual basis
- ran data protection campaigns to prepare staff for the changes
- Introduced a new national data protection framework
- Captured all existing processing activities
- Established data protection impact assessments for all new processing activities
- Served due diligence on all suppliers
- Updated data protection clauses in new and existing contracts
- Recruited a Data Protection Officer and established an Information Governance Group for accountability purposes to the DPO and Senior Information Risk Owner.
What relevance does FOI Act 2000 have to public bodies?
- Gives individuals the right of access to information held by public bodies
- The public body must tell any individual requesting sight of information whether it holds it
- Normally public body has to supply it within 20 working days.
- Exemptions are allowed for a variety of reasons including;
> Contrary to GDPR requirements
> It would prejudice a criminal matter under investigation
> It would prejudice a person’s/organisation’s commercial interest.
Give me an example of a property information tool.
Land registry, CoStar, Rightmove, Zoopla
Tell me about how you extract data from a source regularly used in your role.
I am often required to extract data from Costar, Rightmove or the public sector website E-pims. As part of a relocation strategy in Westminster I refresh the Epims search from properties within 1 mile every two weeks and extract information such as address, size, use class and condition
What are the limitations of primary/secondary data sources?
- Primary data more likely to be subject to human error
- Secondary data, likely to be outdated before you get it therefore, requires validation before reliance on it.
How do charges/restriction/covenants and easements differ?
Charges - Section C of title register (mortgages and other financial charges, appear in the order they were originally registered).
Restriction (on title) Section (B) - prevents the owner of the property from registering a disposal at the land registry without complying with the terms of the restriction (often used to protect overage and clawback provisions).
Covenant (negative/restrictive) Section (C) - Rules preventing certain things from being done on the land (such as keeping animals or using for business purposes).
Positive covenant Section (C) - obligation to do something, such as contribute to a maintenance fund or maintain a wall.
Easement - Right to cross or otherwise use someone else’s land for a specified purpose - found on title register.
- May also be apparent from seeing someone walking/trodden down grass.
What is the principle of estoppel?
If a breach has continued for a long enough period without any objection being raised it may have been treated as being abandoned under the principle of estoppel. 20 years now considered acceptable following Hepworth V Pickles (1900) - 24 years in that case.
What’s the difference between a positive and negative easement?
Positive easement - permits the owner of the dominant land to carry out an act on the land belonging to the servient owner. E.g. right to walk over a footpath, discharge water into watercourse, or run cables and pipes across the servient owners land.
Negative easement - benefits the dominant land by restricting the actions of the servient landowner. An example of a negative easement would be having a right to light or a right to air.
Which covenant runs with the land (positive or restrictive/negative)?
Restrictive/negative
How do you validate information?
Legal documents, agents, colleagues (if we have an interest), public records.
What is the difference between a deed and registered title?
Title - is the legal way of saying you own a right to something. For real estate purposes title refers to the ownership of the property, meaning you have the rights to use that property. (Goal scorer)
Deeds - are the legal documents made under seal that transfer to title from one person to another. (Assist).
Give me an example of when you have applied password protection/user controlled access.
When sending DCNs as this contains a lot of confidential information
What information can be found on a title register?
- Owner
- Address of the owner
- Tenure
- Price paid (if after April 2002)
- Boundaries (on title plan)
- Right of ways
- Restrictions
- Covenants on the land noted on the register
What is title indemnity insurance?
Title indemnity insurance protects a party for any claim arising from the title of a property to cover such matters as title defects, restrictive covenants and easements - it is a one of premium.
What is a TR1?
Land registry TR1 form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties.
What information is contained on a TR1?
- Title number
- Property
- Date
- Transferor
- Transferee
What impact did method of sale have on your results for your internal sales tracker?
- Informal tender
- Auction
- Private treaty
(No formal tenders)
How does NHS PS ensure the security on confidential/sensitive information?
Defence in depth strategy - multiple layers of security controls, if one fails the next kicks in.
- Web proxy/filters
- Antivirus solution for all company devices
- Email filtering (blocks malicious emails and attachments/links)
- Firewalls - inspect internet traffic and block malicious network pack
- Vulnerability management tools - identify vulnerabilities in software/operating system so they can be patched.
- Advanced threat detection tools - identify advanced persistent threats.
Talk me through your development of the sales tracker.
- Analysed available sources of information to decide what to include within the tracker
- Began compiling sales evidence
- Verified sales evidence with Transaction Manager/Land registry lease/registers and TR1’s
- Added the information to my tracker
- Analysed the information
- Provided reports for each zone analysing the impact of method of sale on achieving sales receipts in excess of the market valuation.
How did you ensure accurate data of the sales tracker was recorded?
- Verified sales evidence with the transaction manager/Land registry lease/registers and TR1s
How was your sales tracker used to provide advice?
I didn’t provide advice in this example.
I analysed the impact the method of sale ahs on achieving sales receipts in excess of the valuation. I was aware that informal tender was often used for high value sites and so had the largest difference between valuation and sales receipt.
To mitigate this I also produced reports for properties which sold for £500,000k or less £250k or less and £100k or less.
Informal tender achieved the highest margin in all individual reports. I would have advised that if high levels of interest anticipated informal tender should always be considered.
How was your data for the tracker shared with the transactions team? How did you ensure security.
It was password protected and stored within the transactions folder which only the internal team members had access too.
The file was password protected and the folder was also password protected.
Talk me through your use of DCNs
- Change in circumstance at a property/error identified on Horizon
- Download DCN template
- Begin compiling the necessary information, including reference numbers, rental figures, lease terms from lease/land registry etc.
- Password protect
- Send to data support manager to make amendments
How do you ensure the information within a DCN is accurate?
I verify the information where I can with the Land Registry/Property Manager/Transaction Manager/Aconex.
How do you use Horizon effectively?
I ensure that I am able to extract the information I require and verify this wherever possible. If an error is identified, after confirming information I will send a separate DCN to rectify.
Talk me through your mapping project.
- Instructed data sharing agreement
- Waited to receive signed copy back
- Collated and verified information to give to mapping consultant
- Address, building sizes, tenure, book value, end dates/breaks (from Horizon).
- Cross checked information with power BI (separate data base).
- Compiled information before it was send and verified it with each property manager.
- Received client’s data (held securely) - password protected file and folder.
- Sent data to consultant (password protected).
- Made suggestions for the functionality
- Written reports highlighting exact adjacencies (health centre within 0.2 miles of X property you own).
- Separate report highlighting potential redevelopment opportunities, after considering lease terms etc.
- Client was unsure how to ensure the data was kept secure. I advised that if reports are shared from the mapping software these should be encrypted. I advised that Virtru offer a good 256 bit (AES - Advanced Encryption Standard) end to end encryption service.
- I also advised that user controlled access and password protection would be the best was to ensure security of the mapping software itself.