What does the term ‘Confidentiality’ mean?
Keeping information private and secure
Preventing unauthorized access or disclosure
Not sharing that information without permission
How is data management governed and legislated in the UK?
Data Protection Act 1998
GDPR
Freedom of Information Act 2005
NDAs
What is the Data Protection Act?
The UK’s primary legislation governing how personal data is handled
It sets out rules for collecting, storing, and using personal information to protect individuals’ privacy
The Act ensures that data is processed fairly, lawfully, and transparently
What is the difference between the Data Protection Act 1998 and updated 2018 Act?
The main difference is that the 2018 DPA incorporates GDPR into UK statute
What is GDPR?
General Data Protection Regulation
An EU directive, which came into force in the UK in May 2018 - GDPR governs the use of personal data and applies to all companies holding personal data
The key principles of GDPR are:-
- Consent (explicit consent) is required to gather personal data
- You must delete personal data you are no longer using for its original purpose
- People can revoke their consent, and you must comply
- You have 72 hours to notify of a data breach
- You need a Data Protection Officer
What are the 8 Individual Rights under UK GDPR?
What are penalties for GDPR breaches?
Heavy fines for worst offences - up to 4% of annual global turnover (max. £17.5m)
What are the key principles of the Data Protection Act 2018?
The act ensures that data is:-
Who are the key persons outlined within GDPR?
The controller is the person or legal entity that determines the purposes and means of processing personal data; for example, when processing an employee’s personal data, the employer is considered to be the controller
The processor is a person or legal entity that processes personal data on behalf of the controller; for example, a call centre acting on behalf of its client is considered to be a processor
The data protection officer (DPO) is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation
What is the Freedom of Information Act 2005?
This is the primary piece of UK legislation that controls access to official information
The act permits the public right of access to information held by public authorities
The act covers all information held and not just information since the act came into effect
What is a Non-Disclosure Agreement (NDA)?
A legally enforceable contract between two parties relating to sensitive information
The agreement will create a confidential relationship between a person with sensitive info, and a person who has access to that info
The party that was harmed by the breach of the NDA can take legal action to enforce the agreement and seek damages for any losses that were incurred
What is your understanding of ‘Intellectual Property’ and ‘Copyright’?
This is the right to control the use and ownership of original works
Work generally created by an employee usually belongs to their employer unless copyrights are put in place
It is common within construction for a client to be granted a licence for the use and reproduction of copyright material, which should be clearly defined
This could be the right to use a particular design by a subcontracting specialist who retains control of the original copyright
If two separate departments/surveyors within your firm were working for two rival clients how would you ensure client sensitive data was managed?
I would make the client aware of the risks involved and check their understanding of the conflict of interest, and I would ensure a letter of instruction to continue was obtained from the client
Possibly use an NDA
Exclusivity of staff would be arranged
Separate working locations from each of the teams would need to be put in place
Secure document and data storage would be arranged to be used exclusively for the separate teams.
How do companies ensure compliance with the Data Protection legislation generally?
They should only retain data they need to perform their day-to-day operations
If they are retaining someone’s data they should ensure the person is kept informed and advised on why they have it
They should hold the data securely
They should also keep the information up to date and delete information they no longer need
What are your company’s policies for data protection breaches?
Report to my line manager or the company’s data protection officer
How do you store data securely? What does TFT do?
It is essential that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection
At TFT we have:-
- Two Factor Authentication to access secure information
- Regular software updates to ensure the latest security & anti-virus software
- Annual compliance training
- Staff training on spotting phishing emails (spam)
- Director approval required to be granted access to email inboxes and SharePoint sites for specific projects
What different sources of information do you use in your day-to-day surveying?
I use trusted sources for the data I use, particularly cost information - such as previous tenders, BCIS, cost plans
Other sources include photographs, videos, RICS guidance documents, contract documents, industry journals
How do you manage these sources of information to ensure compliance with the legislation?
If signed up to an NDA with a client, I ensure complete confidentiality and am not able to talk about these projects with colleagues who are not party to the project
I ensure that the electronic information I use is kept securely on encrypted servers
I lock my computer when away from my desk and comply with my firm’s IT security policies, for example attendance at cyber security courses and regularly updating my passwords
If I am sharing or processing information not available in the public domain from a previous project, I always obtain the client’s written permission to do so
What are the benefits of cloud-based storage systems?
Information is backed up securely on encrypted servers
Accessibility can be managed via online settings
Cloud systems are often cheaper than the costs of physically storing, sharing and managing files
Cloud systems are environmentally friendly
Multiple users can access the same documents
What are the RICS best practice guidance points for data management?
Conduct data review
Anonymise and encrypt data where possible
Understand data processing
Treat commercial data in the same way as you would treat personal data, although it is not covered by GDPR
What does encryption mean?
It is a security mechanism where information or data is converted into a code, especially to prevent unauthorized access
What is your understanding of the term ‘Meta Data’ and why is this important?
Meta Data is ‘data about data’
An example would be when sharing an Excel document: the Meta Data associated with this could consist of information about the author, file size, date the document was created and keywords to describe the document
We must ensure that this Meta Data is afforded the same level of care as all other confidential data.
In a scenario where we are sharing a document or removing confidential components of a document, we should ensure that any confidential Meta Data is not shared inadvertently
What is BIM?
Building Information Modelling
A collaborative process for creating and managing information for a construction project throughout its lifecycle
The aim is to improve co-ordination and efficiency
Benefits can include more effective operation and maintenance of a built asset, optimised design