PE Data Management Flashcards
How can you ensure data security?
- Firewalls
- Password management (30 days)
- Don’t leave devices unattended
- Departmental drives
- Encryption
- Virus protection (even on mobile devices)
- Suspicious emails
- Sensitive browsing should be done on a device and network you trust
- Caution about social media sharing
- Back up data
- Monitor financial accounts
- Automatic updates
- Two-step verification
What is ransomware?
Malware that encrypts and threatens to destroy, remove access to, or publicly post data unless a victim makes payment, which often increases as time elapses
What is another name for CEO fraud?
Phishing
Whaling
What is phishing/whaling/CEO fraud?
A malicious attempt to acquire sensitive information by masquerading as a trustworthy source via email, text or pop-up message, or to coerce an employee into making a money transfer
What % of data breaches is it estimated that a company’s own employees may account for?
50%
What is EDM?
Electronic Document Management
What does EDM do?
Collection of technologies that work together to provide a comprehensive solution for managing electronic assets
Copyright?
Author of original work has exclusive rights to control distribution of work
Can copyright be licensed, assigned or transferred?
Yes - it is an intellectual property right
Who would usually own the copyright of a valuation report?
The surveyor; the client is licensed to copy it in connection with the purpose
What key legislation relates to data protection in the UK?
Data Protection Act 2018
What does GDPR stand for?
General Data Protection Regulation
What is the purpose of GDPR?
Provide data protection rights to individuals and harmonise data privacy laws across Europe
Does the Data Protection Act 2018 build upon the DPA 1988 principles?
Yes
What does the DPA 2018 apply to?
Data controllers and processors
What is the definition of a data controller?
Entity that decides the purpose and manner that personal data is used, or will be used
Do you need to comply with GDPR and the DPA 2018 as a surveyor?
Yes - most UK property firms process personal client data
Can someone ask you to tell them what personal data you hold about them?
Yes
Could a Professional Indemnity Claim be based on lost or corrupted data?
Yes
Should you delete data when you no longer require it?
Yes
What data is affected by GDPR and the DPA 2018?
- Personal data, including personal data and identifiers such as IP address
- Sensitive personal data, including genetic and biometric data
- Electronic data
- Manual data, e.g. business cards and written records
What are the personal data principles of GDPR and the DPA 2018?
Processed lawfully, fairly and in a transparent manner
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Processed in a manner that ensures appropriate security of the personal data
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Kept in a form which permits identification of data subjects for no longer than is necessary
What individual rights exist? (GDPR and DPA 2018)
Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights in relation to automated decision making and profiling
How long do you have to report a data breach to the ICO? (Information Commissioner’s Office)
Within 72 hours of awareness
What does the Data Protection Bill 2017 do?
Amend GDPR in the UK, relating to academic research, financial services and child protection
What do the Privacy and Electronic Communication Regulations 2003 (amended 2016) relate to?
Extra data protection rules for e-communicators e.g. consent for marketing emails and texts
What legislation specifically relates to data held by public bodies?
Freedom of Information Act 2000
How must a request be made by a member of public under the Freedom of Information Act 2000?
In writing
How long does the public body have to respond to a Freedom of Information Act 2000 request?
20 days
Does the public body have to respond to a Freedom of Information Act 2000 request?
Yes - either with the information (plus a charge for processing) or refusal (with an explanation)
Are there any exemptions under the FOI Act 2000?
Yes - too expensive to provide, unreasonable, not in the public interest
What legislation relates to the disposal of old files?
Limitation Act 1980
How long do you need to keep old files for?
At least 6 years, 12 if a deed (ideally 15 for PII reasons)
What is an AVM?
Automated Valuation Model
What does an AVM do?
Combine mathematical modelling and a database to provide property valuations