Data Management/Property Records COPY

Question 1

What else does the DPA 2018 cover (other than GDPR)?

Answer 1

• The Data Protection Act is the UK’s implementation of GDPR.
• The act is a complete data protection system as well as governing personal data covered by GDPR.
• It contains the key principles of the new regulations. Although it keeps the principles of the DPA.
• Penalties are more prescriptive and greater than the DPA 1998

Question 2

What are the changes resulting from GDPR?

Answer 2

Key requirements include:

• An obligation to conduct data protection impact assessments for high risk holding of data
• New rights for individuals to have access to information on what personal data is held and do have it erased.
• A data controller decides how and why personal data is processed and is directly responsible for GDPR
• A new principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations.
• Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.
• An increase in fines to up to 4% of global turnover of the company or 20 million euros (whichever us the greater).
• Policed by the ICO

Question 3

What are the 8 Individual Rights under GDPR? (PREPAID O)

Answer 3

1. Right to data portability
2. Right to rectification
3. Right to erasure
4. Right to restrict processing
5. Right of access
6. Right to be informed
7. Right to automated decision making and profiling (as undertaken by insurance companies).
8. Right to object

Question 4

How did your organisation adapt to the introduction of GDPR?

Answer 4

Introduced a GDPR project team and new information governance function to ensure compliance with data protection legislation;

• Implemented new data protection policies
• delivered and continue to deliver new training to all staff on an annual basis
• ran data protection campaigns to prepare staff for the changes
• Introduced a new national data protection framework
• Captured all existing processing activities
• Established data protection impact assessments for all new processing activities
• Served due diligence on all suppliers
• Updated data protection clauses in new and existing contracts
• Recruited a Data Protection Officer and established an Information Governance Group for accountability purposes to the DPO and Senior Information Risk Owner.

Question 5

What relevance does FOI Act 2000 have to public bodies?

Answer 5

• Gives individuals the right of access to information held by public bodies
• The public body must tell any individual requesting sight of information whether it holds it
• Normally public body has to supply it within 20 working days.
• Exemptions are allowed for a variety of reasons including;
  > Contrary to GDPR requirements
  > It would prejudice a criminal matter under investigation
  > It would prejudice a person’s/organisation’s commercial interest.

Question 6

Give me an example of a property information tool.

Answer 6

Land registry, CoStar, Rightmove, Zoopla

Question 7

Tell me about how you extract data from a source regularly used in your role.

Answer 7

I am often required to extract data from Costar, Rightmove or the public sector website E-pims. As part of a relocation strategy in Westminster I refresh the Epims search from properties within 1 mile every two weeks and extract information such as address, size, use class and condition

Question 8

What are the limitations of primary/secondary data sources?

Answer 8

• Primary data more likely to be subject to human error

- Secondary data, likely to be outdated before you get it therefore, requires validation before reliance on it.

Question 9

How do charges/restriction/covenants and easements differ?

Answer 9

Charges - Section C of title register (mortgages and other financial charges, appear in the order they were originally registered).

Restriction (on title) Section (B) - prevents the owner of the property from registering a disposal at the land registry without complying with the terms of the restriction (often used to protect overage and clawback provisions).

Covenant (negative/restrictive) Section (C) - Rules preventing certain things from being done on the land (such as keeping animals or using for business purposes).

Positive covenant Section (C) - obligation to do something, such as contribute to a maintenance fund or maintain a wall.

Easement - Right to cross or otherwise use someone else’s land for a specified purpose - found on title register.
- May also be apparent from seeing someone walking/trodden down grass.

Question 10

What is the principle of estoppel?

Answer 10

If a breach has continued for a long enough period without any objection being raised it may have been treated as being abandoned under the principle of estoppel. 20 years now considered acceptable following Hepworth V Pickles (1900) - 24 years in that case.

Question 11

What’s the difference between a positive and negative easement?

Answer 11

Positive easement - permits the owner of the dominant land to carry out an act on the land belonging to the servient owner. E.g. right to walk over a footpath, discharge water into watercourse, or run cables and pipes across the servient owners land.

Negative easement - benefits the dominant land by restricting the actions of the servient landowner. An example of a negative easement would be having a right to light or a right to air.

Question 12

Which covenant runs with the land (positive or restrictive/negative)?

Answer 12

Restrictive/negative

Question 13

How do you validate information?

Answer 13

Legal documents, agents, colleagues (if we have an interest), public records.

Question 14

What is the difference between a deed and registered title?

Answer 14

Title - is the legal way of saying you own a right to something. For real estate purposes title refers to the ownership of the property, meaning you have the rights to use that property. (Goal scorer)

Deeds - are the legal documents made under seal that transfer to title from one person to another. (Assist).

Question 15

Give me an example of when you have applied password protection/user controlled access.

Answer 15

When sending DCNs as this contains a lot of confidential information

Question 16

What information can be found on a title register?

Answer 16

• Owner
• Address of the owner
• Tenure
• Price paid (if after April 2002)
• Boundaries (on title plan)
• Right of ways
• Restrictions
• Covenants on the land noted on the register

Question 17

What is title indemnity insurance?

Answer 17

Title indemnity insurance protects a party for any claim arising from the title of a property to cover such matters as title defects, restrictive covenants and easements - it is a one of premium.

Question 18

What is a TR1?

Answer 18

Land registry TR1 form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties.

Question 19

What information is contained on a TR1?

Answer 19

• Title number
• Property
• Date
• Transferor
• Transferee

Question 20

What impact did method of sale have on your results for your internal sales tracker?

Answer 20

1. Informal tender
2. Auction
3. Private treaty
   (No formal tenders)

Question 21

How does NHS PS ensure the security on confidential/sensitive information?

Answer 21

Defence in depth strategy - multiple layers of security controls, if one fails the next kicks in.

• Web proxy/filters
• Antivirus solution for all company devices
• Email filtering (blocks malicious emails and attachments/links)
• Firewalls - inspect internet traffic and block malicious network pack
• Vulnerability management tools - identify vulnerabilities in software/operating system so they can be patched.
• Advanced threat detection tools - identify advanced persistent threats.

Question 22

Talk me through your development of the sales tracker.

Answer 22

1. Analysed available sources of information to decide what to include within the tracker
2. Began compiling sales evidence
3. Verified sales evidence with Transaction Manager/Land registry lease/registers and TR1’s
4. Added the information to my tracker
5. Analysed the information
6. Provided reports for each zone analysing the impact of method of sale on achieving sales receipts in excess of the market valuation.

Question 23

How did you ensure accurate data of the sales tracker was recorded?

Answer 23

• Verified sales evidence with the transaction manager/Land registry lease/registers and TR1s

Question 24

How was your sales tracker used to provide advice?

Answer 24

I didn’t provide advice in this example.

I analysed the impact the method of sale ahs on achieving sales receipts in excess of the valuation. I was aware that informal tender was often used for high value sites and so had the largest difference between valuation and sales receipt.

To mitigate this I also produced reports for properties which sold for £500,000k or less £250k or less and £100k or less.

Informal tender achieved the highest margin in all individual reports. I would have advised that if high levels of interest anticipated informal tender should always be considered.

Question 25

How was your data for the tracker shared with the transactions team? How did you ensure security.

Answer 25

It was password protected and stored within the transactions folder which only the internal team members had access too.

The file was password protected and the folder was also password protected.

Question 26

Talk me through your use of DCNs

Answer 26

1. Change in circumstance at a property/error identified on Horizon
2. Download DCN template
3. Begin compiling the necessary information, including reference numbers, rental figures, lease terms from lease/land registry etc.
4. Password protect
5. Send to data support manager to make amendments

Question 27

How do you ensure the information within a DCN is accurate?

Answer 27

I verify the information where I can with the Land Registry/Property Manager/Transaction Manager/Aconex.

Question 28

How do you use Horizon effectively?

Answer 28

I ensure that I am able to extract the information I require and verify this wherever possible. If an error is identified, after confirming information I will send a separate DCN to rectify.

Question 29

Talk me through your mapping project.

Answer 29

1. Instructed data sharing agreement
2. Waited to receive signed copy back
3. Collated and verified information to give to mapping consultant
4. Address, building sizes, tenure, book value, end dates/breaks (from Horizon).
5. Cross checked information with power BI (separate data base).
6. Compiled information before it was send and verified it with each property manager.
7. Received client’s data (held securely) - password protected file and folder.
8. Sent data to consultant (password protected).
9. Made suggestions for the functionality
10. Written reports highlighting exact adjacencies (health centre within 0.2 miles of X property you own).
11. Separate report highlighting potential redevelopment opportunities, after considering lease terms etc.
12. Client was unsure how to ensure the data was kept secure. I advised that if reports are shared from the mapping software these should be encrypted. I advised that Virtru offer a good 256 bit (AES - Advanced Encryption Standard) end to end encryption service.
13. I also advised that user controlled access and password protection would be the best was to ensure security of the mapping software itself.

Question 30

How did your mapping project this highlight adjacencies and joint redevelopment opportunities?

Answer 30

The mapping system was able to compile all properties within say 0.5 miles of the subject property. From there it was possible to consider joint redevelopment opportunities.

After highlighting adjacencies it would then be down to the user to consider, titles, heights, planning policy to advise if there was potential for redevelopment.

Question 31

How did your data sharing agreement work?

Answer 31

The data sharing agreement has a number of clauses which would protect the confidentiality of the data shared with the consultant. It was drafted by the legal team and included obligation such as;

Confidentiality obligations – keep the confidential information secret and confidential

Permitted disclosure – Only to their representatives provided they inform them of the confidential nature and keeps a written record of those representatives.

Question 32

What decisions did you make on functionality of the mapping project?

Answer 32

I ensured there was the ability to select a particular property and find all properties within the two estates that were say, within 1 mile.

Similarly you could drill down into all properties that were within say, 0.5 miles of each other as a list.

I also ensured the lease terms/tenure/break/rent when you clicked on a property.

Question 33

What reasoned advice to you provide your client? (find if there’s better answers anywhere)

Answer 33

After analysis of the data produced by the mapping system and analysis of lease terms/title/heights/local and national planning policy I was able to advise my client where there may be potential for a joint redevelopment.

• I advised that these opportunities should be explored further and I subsequently would instruct our internal planning team to carry out planning reviews to progress an opportunity.
• I advised the best way of keeping data secure was user controlled access as well as encrypting any reports which are shared with minimum 128 bit encryption.

Question 34

How did you ensure compliance with your data sharing agreement?

Answer 34

I requested proof of how the data was being stored, including a list of their representatives as per the data sharing agreement.

Question 35

Talk me through your template for portfolio optimisation.

Answer 35

1. Identified need to highlight void space at a commissioning (CCG level).
2. Created a template which is able to extract information from Horizon.
3. Template was then used to highlight high levels of void space by CCG and property level.
4. This was used as the basis of discussion for strategic reviews with the CCGs
5. After further engagement with the clients I was able to identify strategy (long term hold/short term etc).
6. I was then able to advise where there are potential optimisation/disposal opportunities after analysis of void space/strategy lease events etc.

Question 36

What information was inputted into your optimisation templates?

Answer 36

• Occupancy data (aconex would produce occupancies for each building where I could then extract the utilisation to be included
• Floor areas
• Site areas
• Occupiers
• Debt
• Planned maintenance
• Lease break/end

Question 37

How were your templates used to provide SREC advice?

Answer 37

Strategic review workshops were organised wit the client to run through the properties which they occupied. From here, they which buildings services might be being commissioned or decommissioned. If for example, a property was 40% vacant (evident from my tracker), and we were informed that the current occupier in there’s service was being decommissioned. This would then be flagged as a potential disposal opportunity (pending declaration the building is not needed for other healthcare services).

• I advised that should this data need to be shared with their colleagues, that it should be done so using an encryption service. I advised that Vitru offered a good end to end 256 AES encryption service.

Question 38

Are you aware of any forthcoming RICS materials on this subject?

Answer 38

Yes RICS draft professional statement - Data handling and prevention of cybercrime (consultation ended October 28th 2019).

25 mandatory principles for firms and members;

Including;

• Risk assessment annually
• Define, maintain and adhere to a data retention policy
• Ensure purpose for which the data is being kept is recorded
• Must use passwords to control access to computers and mobile phone/devices for work purposes.
• Online data must be protected by firewall at all times.
• Members must adhere to employer policies
• Members must report concerns about appropriate controls on data handling to senior staff members.
• Firms must use data encryption when handling sensitive data (minimum 128 bit).

Question 39

What other measures can you use to ensure the protection of data

Answer 39

• TLS (Transport Layer Security)
• SSL (Secure sockets layer)
  > Both cryptic protocols designed to provide communications security over computer networks This ensures the connection is secure because symmetric cryptography is used to encrypt the data transmitted.
• IPsec (Network Level) - cryptographic security to protect communications over IP networks. Supports peer to peer authentication.
• Implement two-factor authentication where access to client data and personal data is deemed a significant security risk.
• The use of VPNs for homeworking rather than storing data on personal devices

Question 40

How does network encryption work?

Answer 40

1. User initiates the connection by contacting server
2. Server sends public key
3. Negotiate parameters and open secure channel
4. User login to server host operating system

Question 41

What does the Privacy and Electronic Communications Regulations 2003 apply to? When was it updated?

Answer 41

This guide is for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.

• Updated 2018 and came into effect January 9th 2019

Question 42

What does the Privacy and Electronic Communications Regulations 2003 restrict? What are the penalties?

Answer 42

• Restricts unsolicited marketing (solicitated meaning requested)
• Require consent to send marketing material to a customer
• Restricts use of cookies
   - Tell people the cookies are there
   - Explain what the cookies are doing and why
   - Get the person’s consent to store a cookie on their device
• Penalties can include criminal prosecution and fines of up to £500,000

Question 43

What is copyright?

Answer 43

Copyright is the exclusive right given to the creator of a creative work to reproduce the work, usually for a limited time

Question 44

Can it be transferred?

Answer 44

Yes. However, no transfers of a copyright owner’s exclusive rights are valid unless the transfer is documented in writing

Question 45

What is an easement?

Answer 45

A right to cross or otherwise use someone else’s land for a specified purpose.

Question 46

How do you source title information?

Answer 46

From the Land Registry via our in-house legal team.

Question 47

What is an index map?

Answer 47

The index map contains information on all land and property that’s registered or being registered with HM Land Registry – establish whether land is registered/unregistered and reveals title number.

Question 48

What does encryption mean?

Answer 48

The process of converting information or data into a code, especially to prevent unauthorised access.

Question 49

What is a firewall?

Answer 49

A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a computer network (prevents unauthorised access)

Question 50

How can you protect electronic data from viruses?

Answer 50

Anti-virus solution – NHS PS require this for all client and server devices;

Question 51

What is blockchain?

Answer 51

Blockchain is a type of distributed ledger for maintaining a permanent and tamper-proof record of transactional data

Question 52

Which records are manually kept in your office? Why?

Answer 52

Some employee records but no others. I believe because these haven’t been transferred to electronic records yet.

Question 53

Tell me about an electronic information system you have used.

Answer 53

The public sector asset management information system – epims. I am regularly required to extract information from Epims, such as use class, size, price, tenure – and report back to my team for the relocation strategy in Westminster.

Question 54

How do you ensure electronic/manual information is kept safely?

Answer 54

I always ensure documents are password protected, and if necessary password protect the folder as well.

• Encrypt data - Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it.

Question 55

Tell me about a property information system you have used in your role?

Answer 55

E-pims – the public sector surplus assets portal. This is useful as many public bodies list their property on here before going to the open market. Therefore there’s opportunity to acquire assets before they go on the market.

Question 56

What are some disadvantages of Epims?

Answer 56

• data is often not updated.
• People often don’t remove listings
• Data is often incorrect
• Increased importance on verification

Question 57

Tell me about a complex report you have written?

Answer 57

• I wrote reports after the mapping system had been produced. The report largely factual about where exact adjacencies between the two estates lied.
• I advised on how best to keep the data secure, for example user controlled access to the mapping software itself.
• I also advised that the sharing of any data should be encrypted within minimum 128 bit or above encryption. If they were not familiar I advised that Vitru offered a good end-to-end encryption service.

Question 58

What information can be contained on a title register?

Answer 58

From the Title Register you can find out:
• who owns the property or land
• the address of the owner
• the tenure
• price paid/value stated information if sold since April 2002
• the boundaries
• any rights of way or restrictions & covenants on the land noted on the register
What’s the difference between registered title and a deed?

Question 59

What is a TR1?

Answer 59

A Land Registry TR1 Form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties

Question 60

What information can be found on a TR1?

Answer 60

1) Title number
2) Property
3) Date
4) Transferor
5) Transferee

Question 61

What impact to sale method have on the results?

Answer 61

Informal tender was the method which saw the largest excess in terms of the market valuation and the final sales receipt.

Question 62

Why do you think this might be? (sale method informal tender)

Answer 62

Generally we have utilised informal tender for our largest transactions, naturally there will be a bigger variation in the market value for these properties and sales receipt.

Question 63

How was your data shared with the wider transactions team?

Answer 63

It was password protected and stored within the transactions folder which only internal team members has access to.

Question 64

What did you do to ensure security (sales tracker)?

Answer 64

The file was password protected but also the folder was password protected

If shared via email I would ensure the data is encrypted with minimum 128 bit

Question 65

How does NHS PS ensure the accuracy of Horizon?

Answer 65

Cross references with our other system, Aconex. Property managers are also encouraged to verify information in person where possible.

Question 66

How do you ensure accuracy for the information you send to inform a DCN?

Answer 66

I cross check this with the lease and our other software, Aconex.

Question 67

What factors did you consider when giving advice or potential joint redevelopment?

Answer 67

Tenure/heights/local plan/national plan/site area/planning applications in the locality

Question 68

How did you use the information to inform your advice on disposal/optimisation opportunities?

Answer 68

The template would highlight where for example there were high levels of void, I could then discuss this with the CCG (client) to understand whether they considered the property a long-term hold. If they did then there was an optimisation opportunity (consider co-locating services etc.). If it wasn’t then could be seen a disposal opp.

Question 69

What was the outcome? (SREC advice)

Answer 69

The strategy at a number of sites is now being considered from both an optimisation and disposal enabling point of view.

Question 70

What is BIM?

Answer 70

Building Information Modeling (BIM) is an intelligent 3D model-based process that gives architecture, engineering, and construction (AEC) professionals the insight and tools to more efficiently plan, design, construct, and manage buildings and infrastructure.

Question 71

What are some further principles for GDPR under Article 5 (1)

Answer 71

Principles relating to the storage of personal data that states that data must;

• Processed lawfully, fairly and in a transparent manner in relation to individuals
• Collected for a specified purpose
• Adequate, relevant and limited to what is necessary
• Accurate and kept up to date
• Processed in a manner that ensures proper security

Question 72

What does Article 5 (2) state?

Answer 72

• Requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles”

Question 73

How did your data-sharing agreement differ from an NDA?

Answer 73

It was a confidentiality agreement.
A non-disclosure agreement implies you must not disclose personal or private information.

A confidentiality agreement ensures you are more proactive in making sure information is kept secret.

Question 74

What would happen if they had breached the terms of your data sharing agreement?

Answer 74

• By signing it the receiving party acknowledges that damages alone would not be an adequate remedy for any breach of the terms.
• Disclosing party shall be entitled to seek remedies of injunctions, specific performance or other equitable relief for any threatened or actual breach of the agreement.
• Receiving party also indemnified us against all costs, actions claims, demands, liabilities, damages or losses arising in connection with a breach of obligations.