PE Data Management

Question 1

How can you ensure data security?

Answer 1

1. Firewalls
2. Password management (30 days)
3. Don’t leave devices unattended
4. Departmental drives
5. Encryption
6. Virus protection (even on mobile devices)
7. Suspicious emails
8. Sensitive browsing should be done on a device and network you trust
9. Caution about social media sharing
10. Back up data
11. Monitor financial accounts
12. Automatic updates
13. Two-step verification

Question 2

What is ransomware?

Answer 2

Malware that encrypts and threatens to destroy, remove access to, or publicly post data unless a victim makes payment, which often increases as time elapses

Question 3

What is another name for CEO fraud?

Answer 3

Phishing
Whaling

Question 4

What is phishing/whaling/CEO fraud?

Answer 4

A malicious attempt to acquire sensitive information by masquerading as a trustworthy source via email, text or pop-up message, or to coerce an employee into making a money transfer

Question 5

What % of data breaches is it estimated that a company’s own employees may account for?

Answer 5

50%

Question 6

What is EDM?

Answer 6

Electronic Document Management

Question 7

What does EDM do?

Answer 7

Collection of technologies that work together to provide a comprehensive solution for managing electronic assets

Question 8

Copyright?

Answer 8

Author of original work has exclusive rights to control distribution of work

Question 9

Can copyright be licensed, assigned or transferred?

Answer 9

Yes - it is an intellectual property right

Question 10

Who would usually own the copyright of a valuation report?

Answer 10

The surveyor, the client is licensed to copy it in connection with the purpose

Question 11

What key legislation relates to data protection in the UK?

Answer 11

Data Protection Act 2018

Question 12

What does GDPR stand for?

Answer 12

General Data Protection Regulation

Question 13

What is the purpose of GDPR?

Answer 13

Provide data protection rights to individuals and harmonise data privacy laws across Europe

Question 14

Does the Data Protection Act 2018 build upon the DPA 1988 principles?

Answer 14

Yes

Question 15

What does the DPA 2018 apply to?

Answer 15

Data controllers and processors

Question 16

What is the definition of a data controller?

Answer 16

Entity that decides the purpose and manner that personal data is used, or will be used

Question 17

Do you need to comply with GDPR and the DPA 2018 as a surveyor?

Answer 17

Yes - most UK property firms process personal client data

Question 18

Can someone ask you to tell them what personal data you hold about them?

Answer 18

Yes

Question 19

Could a Professional Indemnity Claim be based on lost or corrupted data?

Answer 19

Yes

Question 20

Should you delete data when you no longer require it?

Answer 20

Yes

Question 21

What data is affected by GDPR and the DPA 2018?

Answer 21

1. Personal data, including personal data and identifiers such as IP address
2. Sensitive personal data, including genetic and biometric data
3. Electronic data
4. Manual data, e.g. business cards and written records

Question 22

What are the personal data principles of GDPR and the DPA 2018?

Answer 22

Processed lawfully, fairly and in a transparent manner

Adequate, relevant and limited to what is necessary in relation to the purposes for which they are procesed

Processed in a manner that ensures appropriate security of the personal data

Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Kept in a form which permits identification of data subjects for no longer than is necessary

Question 23

What individual rights exist? (GDPR and DPA 2018)

Answer 23

Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights in relation to automated decision making and profiling

Question 24

How long do you have to report a data breach to the ICO? (Information Commissioner’s Office)

Answer 24

Within 72 hours of awareness

Question 25

What does the Data Protection Bill 2017 do?

Answer 25

Amend GDPR in the UK, relating to academic research, financial services and child protection

Question 26

What do the Privacy and Electronic Communication Regulations 2003 (amended 2016) relate to?

Answer 26

Extra data protection rules for e-communicators e.g. consent for marketing emails and texts

Question 27

What legislation specifically relates to data held by public bodies?

Answer 27

Freedom of Information Act 2000

Question 28

How must a request be made by a member of public under the Freedom of Information Act 2000?

Answer 28

In writing

Question 29

How long does the public body have to respond to a Freedom of Information Act 2000 request?

Answer 29

20 days

Question 30

Does the public body have to respond to a Freedom of Infromation Act request 2000?

Answer 30

Yes - either within the information (plus a charge for processing) or refusal (with an explanation)

Question 31

Are there any exemptions under the FOI Act 2000?

Answer 31

Yes - too expensive to provide, unreasonable, not in the public interest

Question 32

What legislation relates to the disposal of old files?

Answer 32

Limitation Act 1980

Question 33

How long do you need to keep old files for?

Answer 33

At least 6 years, 12 if a deed (ideally 15 for PII reasons)

Question 34

What is an AVM?

Answer 34

Automated Valuation Model

Question 35

What does an AVM do?

Answer 35

Combine mathematical modelling and a database to provide property valuations