Data Mangement Flashcards
What does confidentiality mean?
Information is provided but the topic cannot be shared without permission.
What is Meta Data?
It is information about a specific piece of data.
E.g. when sharing a valuation report, the meta data would be file size, author and date of creation.
This data must have same level of care as other confidential data.
What is intellectual Property and Copyright?
The right to control of original work.
When working for an employer, employee work usually belongs to the employer unless copyrights are in place.
What is the Freedom of Information Act 2005?
UK’s primary legislation controlling access to official information.
Permits public right of access to information held by public authorities.
Information must also be published through the public authorities publication scheme.
What is the benefit to using a cloud-based storing system?
- Info is backed up on encrypted servers so is secure
- Accessibility settings can be managed easily online
- Cheaper to store than storing documents physically
- Easier to share files than mailing
- More environmentally friendly
- More than one user can access at a time.
What is a NDA?
Non-Disclosure Agreement
They protect against sharing confidential data
Prior to work being undertaken, client ay request signing of NDA
Can prevent competitors using intellectual property.
What would you do if two rival companies were working with two separate departments in your firm?
Make clients aware of the risks to check their understand of COI
Letter of agreement to continue needs to be received from client
Exclusivity of staff would be arranged
May look to use NDA’s
Look to have separate working locations for each team to prevent cross over
Securely store documents so each team had designated store.
Tell me about the Data Protection Act 2018
Replaces 1998 legislation and manages how personal data is processed by organisations
and the government.
It is the UK legislation for the implementation of the EU General Data Protection Regulations
(GDPR).
4 key principles of the Data Protection Act 2018
Under the act data is used:
- Fairly, lawfully and transparently
- In a way that is adequate, relevant and limited to its intended use
- Retained for no longer than it is needed
- Processed securely, protecting against unlawful use and loss or destruction.
What are a person’s rights under the Data Protection Act?
- Be informed on how data being used
- Right to access their data
- Right to correct information
- Right to have data erased
- Stop or restrict processing of their data
- Right of portability
- Object to use of their data.
Key people under GDPR
Controller - natural person/ legal entity who determine the processing of personal data
e.g. processing an employee’s personal data, the
employer is considered to be the controller.
Processor - natural person/ legal entity who process data on behalf of the controller
e.g. call centre acting on behalf of its client is the
processor
Data Protection Officer - Leadership role required by EU GDPR. Exists in companies who process personal data of EU citizens. Oversees data protection approach and implementation.
Individual rights under GDPR
1) The right to be informed.
2) The right of access.
3) The right of rectification.
4) The right to erasure.
5) The right to restrict processing.
6) The right to data portability.
7) The right to object.
8) Rights of automated decision making and profiling.
9) Diversity, Inclusion & Team Working.
What sources of information do you use within your job?
- Previous tenders
- RICS Guidance notes
- Sales information
- Industry journals
- Valuation data
How do you manage information to ensure compliance with the legislation?
Electronic documents are kept securely on encrypted servers, and any physical information is kept locked and secure.
I correctly dispose of confidential documents/ sensitive information
If signed NDA, ensure I do not talk about this work with others not party to the project
Always lock my computer when away from my desk
Regularly attend Cyber security sessions with my work
Regularly update my passwords
If sharing or processing information not available in the public domain from a previous project I
obtain the clients written permission to do so.
Commissioners for Revenue and Customs Act (CRCA) 2005
The CRCA is the Act of Parliament that created HM Revenue and Customs in April 2005
Applies to all HMRC and sets out what use HMRC may make of its information and the specific circumstances when we may disclose that information.
Section 18 of CRCA makes clear that you must not give (‘disclose’) HMRC information to anyone, unless you have lawful authority to do so. This includes Other Government Departments and their agencies, local authorities, the police or any other public bodies.
Sections 17, 18 and 20 define when a HMRC member of staff has lawful authority to disclose information. These situations are outlined below.