*EP APC Data Management Flashcards
What is GDPR 2016?
- General data protection regulation
- Relates to personal data
- Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
- Gives people stronger rights to be informed about how their personal information is used
Came into force May 2018
Fines under GDPR?
The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements
What are the principles of GDPR?
- Information processed lawfully, fairly and transparently.
- Collected for legitimate reasons
- Must be relevant
- Must be accurate
- Must not be kept for longer than necessary
- Processed securely
What are the 8 rights of GDPR?
- Informed - Before data is collected, a data subject has the right to know how it will be collected, processed, and stored, and for what purposes.
- Access – After data is collected, a data subject has the right to know how it has been collected, processed, and stored, what data exists, and for what purposes.
- Correction - A data subject has the right to have incorrect or incomplete data corrected.
- Erasure - A data subject has the right to have personal data permanently deleted.
- Restrict - A data subject has the right to block or suppress personal data being processed or used.
- Data Portability -
What is the UK GDPR?
The UK left the EU on December 31, 2021.
After Brexit, the UK is no longer regulated domestically by the EU’s General Data Protection Regulation (GDPR), which governs processing of personal data from individuals inside the EU.
Instead, the UK now has its own version known as the UK-GDPR (United Kingdom General Data Protection Regulation).
The new UK-GDPR took effect on January 31, 2020.
What is the Data Protection Act 2018?
UK’s implementation of GDPR.
Complete data protection system, governs personal data as well as all other data previously covered within the 1998 Act.
Amended 1st January 2021 to reflect Brexit.
What is the Freedom of Information Act 2000?
Gives individuals the rights to access information held by public bodies
- Public body must tell an individual requesting information whether it holds the information.
- Required to provide the information within 20 working days.
- It can charge for the provision of the information
- Maximum disclosure: Freedom of information legislation should be guided by the principle of maximum disclosure
- Obligation to publish: Public bodies should be under an obligation to publish key information
- Promotion of open government: Public bodies must actively promote open government.
- Limited scope of exceptions: Exceptions should be clearly and narrowly drawn and subject to strict “harm” and “public interest” tests.
- Processes to facilitate access: Requests for information should be processed rapidly and fairly and an independent review of any refusals should be available.
- Costs: Individuals should not be deterred from making requests for information by excessive costs.
RICS documents for Data Handling?
Proposed RICS Professional Statement on Data Handling and the Prevention of Cyber Crime.
Address how surveyors collect, store and use data.
Address cyber risks posed by modern ways of working including portable devices.
When did GDPR come into force?
25th May 2018
What are the key requirements under GDPR (obligation, rights, appointment/responsibilities, accountability)?
- Obligation to conduct data protection impact assessments for high-risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- ‘Data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations
What are the exemptions from the Freedom of Information Act 2000 (protection, prejudicial circumstances (2))?
- Contrary to the GDPR requirements
- It would prejudice a criminal matter under investigation
- It would prejudice a person’s/organisation’s commercial interest
What are automated valuation models (AVMs), and when typically used?
- Software systems which can provide property valuations using mathematical modelling combined with a database
- They are most used for residential property
- By lenders for the loan origination process or subsequent revaluation for credit decision purposes
- In-arrears assessment and planning
What are the advantages of using AVMs (data, practical benefits, lack of human interaction), and therefore useful for what particular type of asset instruction?
- Able to consider a larger number of data points than a traditional valuation approach
- Saves time, money and resources
- Removes any human bias or subjectivity
- Useful for assessing the value of a property portfolio
- Can be built into existing electronic valuation processing platforms, to support lower-risk lending decisions
What are the disadvantages of using AVMs (physical, logic, data limitation)?
- Do not take into account property condition (valuation assumes an average condition as an inspection does not occur)
- Does not take into account nuanced factors such as the view or level of street noise
- Use transactional data which may lag the actual market i.e. cannot include evidence from properties which might be under offer
- Lack of quantity and quality of good comparable data could lead to a valuation with a low confidence level.
What do you understand by the term security of data?
Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.
How can security of data be improved (E, BU, PP, AV, FW, DRP)?
- Disk encryption - encrypting data on a secure hard disk drive
- Regular back ups off site
- Password protection
- Use of anti-virus software protection
- Firewalls
- Disaster recovery procedures
- Delete redundant data
What does copyright mean, what form of property are they and what 3 things can you do with them?
- A set of exclusive rights granted to the author or creator of any original work, including the right to copy
- These rights can be licensed, assigned or transferred
- Form of intellectual property
What is a deed?
A legal document made under seal
How can you prove ownership of land which is not registered with the Land Registry?
The Deeds will set out information about the ownership and details of a property
What do the Land Registry provide upon request and payment?
Copy of the official Title Register for registered property or land in the UK
What does Title indemnity insurance cover/protection provided, and how paid?
- Protects a party for any claim arising from the title of a property e.g. title defects, restrictive covenants and easements
- Paid as a one-off premium
Legal indemnity insurance covers the buyer and the mortgage lender in the event of any loss of value on the property as a result of the defect. The indemnity policy doesn’t actually remedy the defect - it just provides financial compensation in the event of the defect causing a loss.
Can indemnify against restrictive covenants, lack of planning/regs, non-certified boiler and window installation.
What are restrictive covenants, and who has enforcement rights/why?
- Agreement to restrict the use of land in some way for the benefit of other land users
- They are enforceable by successors as they run with the land
How can a restrictive covenant be removed, and is it straightforward?
Make an application to the Upper Tribunal (Lands Chamber) but the grounds for discharge are very strict
What are the RICS Data Standards (RDS), 2018/what set out/to support what/address what?
- Set of standards to support the capture, verification and sharing of data in a common format
- They address issues of digital data consistency
The benefits of sharing data can be seen across the sector, allowing market transparency, improved productivity and insights to share with our clients to win business and positively impact the built and natural environments around us.
What data are the RICS Data Standards, 2018 already available for (2)?
- International Property Measurement Standards (IPMS)
- International Construction Measurement Standards (ICMS)
What does the colour coding on Title Plans represent (Red/Green lines, Green/Blue/Orange shading)?
- Red Line – boundary of registered land
- Green Line – boundary of land removed from title
- Green Shading – land excluded from the title but within area
- Blue shading – right of way on registered land for use by other land
- Orange shading – right of way on other land for use by registered land
What is included in a Land Registry title register (Part A, D, T, D, R, Part B, N/A O, D, PP, R, Part C, M/F, ROI/L)?
- A: Property register - description of the property, tenure, the date the property was first registered and any rights it may benefit from e.g. private right of way
- B: Proprietorship register - name and address of the current owner, when they bought the property, how much was paid for it (if sold since 1 April 2000 (2002?)), any restrictions that limit the power of the owner and the class of the title
- C: Charges register - mortgages and other financial burdens received on the property. Other rights or interest that limit how the land or property can be used e.g. leases, rights of way or covenants
What is a SAR, right provided?
- Subject access request
- Gives individuals rights to request any ‘personal data’ held on them. This right is a principle of GDPR
What is “personal data” as defined by GDPR?
Personal data is any information which relates to an identified or identifiable natural person, e.g. a telephone number or email address
What professional statement is the RICS planning on releasing relating to the encryption of data and use of cloud-based storage facilities?
Data Handling and Prevention of Cybercrime, 2020
Give me an example of a property information tool (4).
Land registry, Rightmove, Zoopla, Lonres
What are the limitations of primary/secondary data sources?
Primary data refers to first-hand data gathered by the researcher himself. Secondary data means data collected by someone else earlier.
- Primary data is more likely to be subject to human error
- Secondary data is likely to be outdated before you get it and therefore requires validation before reliance on it.
What is the difference between a deed and registered title (goal scorer/assist)?
Title - is the legal way of saying you own a right to something. For real estate purposes title refers to the ownership of the property, meaning you have the rights to use that property. (Goal scorer)
Deeds - are the legal documents that transfer the title from one person to another. (Assist).
What is a TR1?
Land registry TR1 form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties.
What other measures can you use to ensure the protection of data transfer (TLS/SSL, authentication, homeworking storage)?
- TLS (Transport Layer Security)
- SSL (Secure sockets layer)
- Implement two-factor authentication where access to client data and personal data is deemed a significant security risk.
- The use of VPNs for homeworking rather than storing data on personal devices
What does encryption mean?
The process of converting information or data into a code, especially to prevent unauthorised access.
What is a firewall?
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
What are the main methods of primary and secondary data collection?
Primary Data is collected directly from the source and Secondary is historic or collected from a third party.
What are the differences between quantitative and qualitative research?
Qualitative research generates “textual data” (non-numerical).
Quantitative research, on the contrary, produces “numerical data” or information that can be converted into numbers.
What must you do re. email communications to comply with GDPR?
Emails that show other recipients’ email addresses are in breach of GDPR.
Outline the 4 typical cybercrime types.
Phishing
Ransomware
Malware
Identity theft
How is data managed and protected in your firm?
- Secure document storage
- Back up of documents
- Process for sharing documentation
- Formatting and standardisation of reports
What things must companies put in place to ensure GDPR compliance?
- Raise awareness across your business
- Audit all personal data
- Update your privacy notices
- Review your procedures supporting individuals’ rights
- Identify and document your legal basis for processing personal data under the GDPR
- Review how you seek, obtain and record consent
What are the key requirements of the Data Protection Act 2018?
- Obligation to conduct data protection risk assessment
- Rights to individuals to have access to information on what personal data is held and what is erased.
- A data controller decides how and why personal data is processed.
- NEW REG - ‘data accountability’ ensuring organisations can prove to the ICO (Information Commissioner’s Office) how they comply with the new regulations.
What happens if there is a data breach?
Inform ICO within 72 hours when there is a loss of personal data and a risk of harm to individuals
What is a Non-Disclosure Agreement?
A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together. e.g. accounting and financial stability of a company.
What will the RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’ address?
- encryption to protect data on portable devices
- best practice when using cloud-based storage facilities
- ensuring appropriate data handling policies are in place in the event of a data breach or malware attack.
This is being put in place to protect a firm from serious reputation damage and financial loss.
What are RICS sources of data?
Professional statements - Red book, conflict of interest…
Guidance notes - Comparable evidence…
Isurv
Modus
Rics.org
What is data?
Information, normally facts and numbers, collected and used for decision making/analysis
How does AWH protect its data?
We have a ‘server’ which requires a dual authentication log in
- Password
- DUO log in - secondary confirmation alert to a separate device
How long should data be held for?
Most guidance points to 6 years; however, it could be assessed on a case-by-case basis, depending on what is reasonable with regard to agreements with the client and potential litigation.