Data Management - Summary Of Experience Flashcards
What are the GDPR principles?
Personal data must:
- Be processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes.
- Accurate and up to date.
- Kept in a form which permits identification.
- Processed in a manner that ensures security of personal data.
What is GDPR?
GDPR is the General Data Protection Regulation.
The EU’s GDPR no longer applies in the UK but was almost entirely transcribed into the UK GDPR in 2016.
UK GDPR is covered by the Data Protection Act 2018.
What is the aim of GDPR?
To create a single data protection regime affecting businesses and empower individuals to take control of how their data is used by third parties.
What act implemented the GDPR in the UK?
The Data Protection Act (2018) which replaces the Data Protection act 1998 after 20 years.
What are some of the key requirements set out in the UK GDPR & Data Protection Act 2018
1) Policed by the ICO
2) Fines up to 4% global turnover of the company or £17.5 million (which ever is greater)
3) An obligation to conduct data protection impact assessments.
4) New rights for individuals to have access to information on what personal data is held.
5) A data controller decides how and why personal data is processed and directly responsible for GDPR.
6) Data security breaches need to be reported to ICO within 72 hours where these is loss of personal data.
What are a few data security technologies that can be used?
- Disk encryption
- Regular back ups
- Password Protection
- Use of anti-virus software
What are the 8 individual rights under UK GDPR?
1) Right to be informed
2) Right of access
3) Right to rectification
4) Right to erasure
5) Right to restrict processing
6) Right to data portability
7) Right to object
8) Rights to automated decision making
How do you hold client data?
We hold all our client data on password protected folders.
What is your firm’s disaster recovery plan if your servers go down?
We have a backup procedure in place (daily,) we have a back up server which is regularly maintained by an outsourced IT Company.
I understand that a quick insight can be useful in respect to monthly reporting but it carries a number of risks too. Can you explain those you recognised and how you overcame ?
The risks could include provide inaccurate data to parties which could lead to confusion. This occurred when obtaining a contractors report to confirm access was available from a certain manhole to clear a communal waste pipe. This was incorrect information at the time which was reported. I overcame this by attending site with the contractor, obtaining another survey and providing the correct information to the client. I met with the client face to face to explain and re-issued the monthly report.
What asset management initiatives were part of the report?
A schedule of lease renewals and rent reviews where regularly updated ensuring that portfolio maximisation was kept on top of in line with our clients objectives.
What was included in your tenant’s guidance note?
We included:
1) Managing Agents contact details in respect to Property Management & Accounts Personnel.
2) Out of Hours Contact Details
3) Contractor Details
4) Local Authority Details
5) Fire Safety in the Communal Areas
6) Fire Prevention in occupiers demised areas.
7) Smoking in the premises.
Describe the internal property management/accounts database that you use ?
We use a software system called Tramps managed by Trace Solutions. It is a fully integrated Cloud-based platform.
In respect to Property Management Tramps allows us to create workflow processes around common tasks and link reports and files directly to property records.
In respect to Accounting Tramps allows us to fully integrate budget-to-reconciliation which is fully compliant with RICS regulations.
What information was included in the Tenancy Schedules you provided?
- Total sq.ft of the Unit.
- Tenant name
- Lease start date and lease expiry date
- Whether there was a break date or rent review.
- Rent per annum and rent per square feet.
- Unexpired term to expiry.
- % of income of total building.
What are the regulations in moving an abandoned vehicle from private land?
- Council / Local Authority are responsible for removing abandoned vehicles from:
Land in the open air (including private land)
Roads (including private roads)
When removing a vehicle from land in the open authorities:
- Cannot charge the landowner or occupier.
- Must give the landowner 15 days notice that they propose to remove the vehicle.
- Cannot remove if landowner objects.
What was the reasoning for you advising that the data needed to be managed in respect to the Car Park at Archway?
I advised this to ensure the client had awareness that the tenant’s were complying with the terms of their lease by parking a specific number of cars within the car park and due to no CCTV present this seemed to be a viable option.
How did the online permits work?
This was managed by Car Park Management Company. They initially provided three online log in to three different accounts. One for ground floor tenant, one for the first floor tenant and one for any contractors. Tenants / visitors would upload their vehicle registration number to the system themselves. If they did not register, they would receive a Penalty Charge Notice.
What would you advise and do if there was a data breach?
I would report the breach to the ICO within 72 hours and keep a record on who was affected and what I was doing to rectify the situation.
What do you know about the Freedom Of Information 2000?
- Right to information held by public sector
- Request must be in writing
- Information must not be exempt e.g. personal data or national security.
Can you give me some examples of communication of specific complex reasoned information?
Use of :
- Graphs
- Photos
- Evidence schedules
- Maps
-To support arguments in tribunals. - Contributing to property market sentiment reports.
- Advising on data storage.
- Benchmarking from analysed data
Can you give me an example of Input and Extract data?
Input = Survey data, rental information, settlements
Extract = Rental information, settlements.
What are examples of best practice in data management ?
- Cross reference with hard copy
- IT system maintenance
- Protect integrity
- Info management policy
- Audit trail
- Electronic signature has legal status, as long as it cannot be altered.
How can data analysis be used to advise clients?
Data can be:
- SWOT Analysis
- Traffic light analysis
- Weighted analysis
- Ranking
- Cost benefit analysis
- Software based or Excel
This data can be displayed via:
- Graphs
- Diagrams
- Bar charts
- Plotted on maps.
- Schedules
- Tables
Used to:
- Create business plans
- Create action plans
- Give advice
- Bring data to life enabling decisions to be made
What is a typical document cycle? (CCRARA)
Compose - Capture - Review - Approve - Retrieve - Archive
What is a Non-Disclosure Agreement (NDA)?
A legally enforceable contract between two parties relating to sensitive information.
How do you comply with UK GDPR and the Data Protection Act 2018 in your role?
I comply with UK GDPR within my role with regard to tenants data, if my company manages a property where a new organisation has taken a lease, I inform the tenant that we will be storing their data such as lease between L&T, contact information and information that is relevant to their individual office, I ensure we explain that all tenant data is held safely and securely on our online files and can be password protected upon request by the tenant.
I further ensure that I regularly review all the data stored and delete outdated tenant information.
Give an example of how you process and handle confidential information?
I regularly would upload confidential information to our property management and accounting software (internal), my role would be uploading personal details of tenants such as contact information and lease agreements and I assist our accounts team on ensuring that the tenants financial information is uploaded in the correct way.
I ensure that only authorised personnel within the firm can access the confidential information and our internal software requires a two step authentication code to access the site providing an additional layer of security.
Give me an example of how you ensure that data is kept securely.
Internal Software - Two Step Authentication Process and Unique Log In
Password Protected files
Regular backup of company files - on a daily basis.
What do the Privacy and Electronic Communications Regulations 2003 apply to?
Applies to direct marketing activities conducted through electronic means.
Businesses must obtain explicit consent from individuals before sending marketing emails, texts or calls.
What is copyright?
A legal right that protects original works from being used without the creators permission.
What is Intellectual Property?
Intangible property that is the result of creativity such as patents and copyrights.
An example would be, logos, brand names and designs.
Can Intellectual Property be transferred?
Yes - only with a written document signed by the owner.
What is the Freedom of Information Act 2000?
Gives individuals the right of access to information held by public bodies.
The public body must tell any individual requesting sight of information whether it holds it.
Normally the public body is requested to supply it in 20 working days in the format requested.
It can charge for the provision of the information.
Can you tell me about the retention of files and the Limitation Act 1980?
The Limitation Act 1980 sets time limits on various types of legal action and from this businesses can determine how long they need to keep documents for.
Section 5 of the Limitation Act 1980 states documents should be kept for 6 years after they expire.
Can you give me an example of a property information tool?
CoStar
Tell me about how you extract data from a source regularly used in your role?
When undertake comparable evidence research for rent reviews, I would extract relevant property information from CoStar into either an excel spreadsheet (direct from CoStar) or manually into a word document for me to then start my analysis of those Comparables.
What are the limitations of primary/secondary data sources?
Primary:
Time consuming to extract data
Expensive to collect
May have limited scope
Secondary:
Lack specific information
Potentially outdated
How do you validate information?
Refer to historic data if a property hasn’t changed.
Confirm with the client or property owner.
What is the difference between a deed and a registered title?
A Deed is a physical legal document that transfers ownership of a property from one person to another whereas;
A Registered Title is the official record of ownership of a property.
How do you source title information?
I conduct a search via the Land Registry website.
What are the differences between manual and electronic records?
A manual record is a physical document such as a document that is handwritten and an electronic record is a digital file stored on a computer system.
What is an index map?
A map that shows the location of smaller areas within a larger area.
What does encryption mean?
The process of protecting information or data by using mathematical models.
What is a firewall?
A network security system that monitors and controls incoming and outgoing network traffic.
How can you protect electronic data from viruses?
Install and regularly update antivirus software
Use a firewall
Be cautious about opening suspicious emails and attachments.
Which records and manually kept in your office and why?
We hold client financial information as we hold client monies.
We hold current and past leases (up to 6 years,) in case we need to refer to the lease on a landlord and tenant dispute and for rent reviews.
What is BIM and how can it be used?
Building Information Modelling
Can be used to process visualising a digital representation of a physical asset via a 3D model.
Explain the growing use of AVMs in the industry?
AVMs (Automated Valuation Models,) can generate property values in a matter of minutes, however, the RICS have stated in the Red Book Global amendment, that surveyors should act with caution when using these models and always make sure that the values are checked thoroughly by a registered valuer to ensure best practice.
What AVMs are you aware of?
I am aware of but must admit have never used, CoreLogic and VeroVALUE.
What is ISO 9001?
ISO 9001 are a set of internationally recognised standards for Quality Management Systems
What are the requirements of ISO 9001?
Scope of the QMS
Quality Policy
Quality Objectives and Plans
Procedure for control of externally provided processes, products and services.
Maintenance and calibration records.
Competence Records
Product Service Requirements and Review Records.
Customer Property Records.
What does ISO 27001 relate to?
ISO 27001 relates to the international standard for information security management.
Why is quality management so important?
Quality management provides a framework for constant quality improvement to ensure companies build and launch best possible products and services.
What is an Electronic Document Management System (EDMS)?
A electronic management system that is used to store, track and manage files or documents.
What do you understand by the Civil Evidence Act 1995?
The Civil Evidence Act 1995 is an Act to provide for the admissibility of hearsay evidence.
Are electronic signatures accepted by the Land Registry?
HM Land Registry will accept most documents being electronically signed.
What types of documents can electronic signatures be used for?
Any document since the use of electronic signatures are legal and the advantages are, security, speed and user friendly.
What is Data Redundancy?
Data Redundancy refers to the practice of keeping data in two or more places within a database or data storage system.
What is VLOOKUP used for?
When you need to find things in a table or a range by row when using Microsoft Excel
What is a Pivot Table?
A pivot table is an interactive way to quickly summarise large amounts of data in detail when using Microsoft Excel.
How have you obtained data from in-house sources?
When reviewing service charge budgets, I extract the service charge transaction listing from our in house property management software to ensure my budgets are in line with the current and previous years outgoings. I extract this data in the form of an excel spreadsheet which provides a more user friendly document.
How have you set up and used electronic filling systems?
When we begin a new project such as taking over a new management, I will ensure that the necessary online folders and set up in an organised manner to ensure that when we obtain all the relevant data from a new client for example, the data can be directly extracted into the folders. I will then show and explain to colleagues where this data is being held and how to navigate the files.
How have you set up a technical library?
I personally have not set up a technical library but I know who to contact to assist if I was ever to set up this type of database.
How have you written clear and factual reports on information extracted from a property record or information system?
When undertaking a rent review, I would extract comparable evidence from information systems such as CoStar. Before issuing a report, I would verify the information with the agent listed on each and every comparable. Once this has been completed, I would sit down with my director, go through the report and before it is sent to a client.
How have you assisted in the development of a property information system?
When my company made the decision to change our in house accounting and property management software, I assisted in the handover to ensure all data was transferred in the correct manner and to ensure we were getting the most out of the new system by logging all inspection reports for example.
How have you interpreted legal language in relation to property records?
When reviewing leases for example, I am aware of the clauses that are relevant to my day-to-day job, however, if I was ever ensure of the language used, I would either consult one of my directors or a qualified solicitor to assist in my understanding.
How have you ensured good data security?
Password protected files
Regularly update and install anti-virus software
Back Up Data
Use of Two Step Authentication
How have you searched for comparable evidence?
Using CoStar and verifying information with local & listed agencies.
Weekly & Monthly Reporting - How did you create your tenancy schedules?
I manually extracted data from the each leases to ensure I was uploading accurate information to the tenancy schedule.
The schedule included, rent payable, name of tenant, name of unit/office, break dates, rent review dates, lease term.
How did you track upcoming rent reviews and lease renewals?
Using information from tenancy schedules, I would schedule calendar events and reminders within the correct timeframes giving me the relevant notice and time to action each rent review and lease renewal in good & substantial time.
Tell me about some of the specific requirements your clients had and how you tailored your reports accordingly?
One of my clients wanted weekly reports various items which included building issues, tenant issues, staff issues and action notes to follow each issue.
I ensured a template was approved by my client before actioning the report, keeping the report short and brief as this was one of my clients priorities when requesting my reports.
How did you send the weekly reports to your client.
All reports were issued via email and reports were as an attachment.
What would you do if you sent a report to the wrong client?
My first action would be to write to the client and confirm of the error and ensure that I include the action steps to addressing the situation.
I would then write to the recipient, explaining that the report was sent to them in error and request that they permanently delete the email/report from their system and request confirmation that this was deleted.
Scrutton Street - what was the purpose of the guidance note document?
The purpose was to provide incoming tenants with an electronic and hard paper copy information pack that provide details of important contacts with telephone numbers and email addresses.
The purpose was to assist the incoming tenants in the best possible way and ensure they could settle into the building as quickly as possible.
Tenant’s Guidance Notes - How did you ensure the data was up-to-date?
The tenant guidance notes were regularly updated every 6 months to ensure accurate and up to date information was being provided.
How have you advised on business filling systems?
When asked, I have advised clients on how we are storing various types of data such as lease agreements, licences, compliance documents, service charge budgets.
I have advised that our online files are filled in alphabetical order and from there by property in sub folders.
How have you advised on data storage system?
I have advised tenants and clients on how we as a company store their data and I have advised how the back up of our system is actioned and completed. I further advised clients and tenants of our transfer to a new cloud based online property management and accounting system.
How have you advised on security of data?
I have advised clients on who our responsible person is within our company for overseeing data-handling and controls and I advised clients that all staff members receive adequate, regular training on data handling processes and how to ensure further security of data.
How have you complied with client’s data security requirements?
One client requested I provided them a comprehensive report on our data security requirements. My report included, what information we have on files, what the information will be used for, which third parties you may share the information with (and why,) how long we will keep the information for.
Further, I ensured that I obtained a record of consent from clients that we can hold their data and I double checked, alongside my director, our terms of engagement to ensure there was a clear data security clause enclosed.
Car Park, Archway - What data did you advise the client needed to be managed?
I advised the client that we needed to monitor which cars were parking in the allotted spaces (which were for tenants only) and we needed to monitor and control unlawful parking.
Car Park, Archway - what issues was unperrmitted use of the car park causing?
This was causing a huge amount of frustration on the tenants who had a right to park a certain number of cars in the car park area under the terms of their lease.
It was also causing a potential threat to my clients building and to neighbouring buildings.
Issue was causing neighbours distress as well, as was a share drive way to access the car park.
How was everyone given individual login details?
I as the property manager was given 3 unique log in credentials. I requested information for the reasonable person for each of the tenants. I then provided the log in credentials via PDF which was sent via email.
How would first time visitors be permitted to use the car park if they didn’t have a login in?
All tenants managed their own online portals which they could add and remove vehicles from.
I had a separate login for contractors, property managers and the client where I would manually add details of vehicle registrations prior to an inspection or visit to site.
Private Data - What data do you hold for the properties you manage?
Leases
Licences
Tenant Contact Information
Compliance Details
Service Charge Budgets
Service Charge Expenditure
Accounting Details
Staff Contracts (for building porters)
Insurance Policies
How are online files backed up ?
On a daily basis by an external IT provider who monitor our server.
When you advised clients they could access data remotely, how did the clients respond?
Overall, Clients were very pleased about accessing data on rental income and payments remotely via a secure phone application.
Tell me what you know about forthcoming data legislation?
The RICS have proposed a Professional Statement on Data Handling and Prevention of Cybercrime.
Proposed to cover best practices and mandatory obligations with which RICS professionals must comply with.
Proposed to address how surveyors capture, store and share data appropriately.
Where you collect and process personal data, what may you be legally required to do?
Tell individuals;
What information you have ?
What the information will be used for?
Which third parties you might share this information with (and why)
How long you will keep the information for
What legal rights they may have.
