What should be considered when sourcing data?
When accessing data, it is essential to consider the reliability of the source and associated risks; where possible, you should verify data against an alternative source through ‘triangulation’
How do you store data securely? What does Colliers do?
It is essential that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection.
Data security technologies include:
- Disk encryption - encrypting data on a secure hard drive disk.
- Regular back ups off site.
- Password protection and use of anti-virus software protection.
- Firewalls and disaster recovery procedures.
At Colliers we have:
- Two Factor Authentication to access secure information
- Regular software updates to ensure the latest security & anti-virus software
- Firewalls
- Staff training with spotting Phishing emails (spam)
- Password protection for data systems / dashboards / platforms
- Line manager / Director approval to be granted access to email inboxes.
What are Copyrights?
- A set of exclusive rights granted to the author or creator of any original work, including the right to copy.
- These rights can be licences, assigned, or transferred.
- Form of intellectual property.
- Crown Copyright refers to all material created and prepared by the Government e.g., laws, public records, official press releases etc.
- It is essential to acknowledge any copyright for information duplicated in your work.
What is the UK General Data Protection Regulation and the Data Protection Act 2018, and what are the key requirements and penalties for non compliance?
- The EUs GDPR no longer applies in the UK, but was almost entirely transcribed into the UK GDPR in 2016 - it is covered by the Data Protection Act 2018.
- Aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties.
It gives people rights to be informed about how their personal information is used.
Requirements:
- Obligation to conduct data protection impact assessments for high risk holding of data.
- New rights for individuals to have access to info on what personal data is held and to have it erased.
- Data controller decides how / why personal data is processed and is directly responsible for GDPR
- New principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations.
- Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.
- Fines up to 4% global turnover of the company or £17.5m (whichever greater)
- Policed by ICO.
What are some of the principles of the UK GDPR?
Article 5(1) Principles relating to storage of personal data states data must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed.
- Accurate, where necessary kept up to date - reasonable steps taken to ensure inaccurate data is erased or rectified.
- Kept in a form which permits identification of data subject for no longer than is necessary.
- Processed in a manner that ensures appropriate security of the personal data e.g., against accidental loss & unauthorised processing
Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles”.
What are the 8 Individual Rights under UK GDPR?
- Right to be informed
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to automated decision making and profiling
What is the Freedom of Information Act 2000?
Gives individuals right of access to information held by public bodies.
- The public body must tell any individual requesting sight of information whether it holds it.
- Normally the public body is required to supply it in 20 working days in the format requested.
- It can charge for the provision of the information.
What is a Non-Disclosure Agreement (NDA)?
- A legally enforceable contract between two parties relating to sensitive information.
- The agreement will create a confidential relationship between a person with sensitive info, and a person who has access to that info.
- The party that was harmed by the breach of the NDA can take legal action to enforce the agreement and seek damages for any losses that were incurred.
- The duration of NDAs typically range from 1-5 years, depending on specific needs and circumstances of the agreement.
What would you do if there was a data security breach and what are the penalties for breaching the Data Protection Act 2018?
If there was a data security breach, I would inform the ICO within 72 hours.
The penalty for breaches are either 4% of the global turnover, or £17.5m, whichever is greater.
What is triangulation?
Triangulation in data management refers to a research strategy where multiple datasets, methods / theories, investigations are used to address a research question.
By doing so, researchers aim to enhance the validity and credibility of their findings and mitigate any potential research biases.
What are the benefits of a cloud based storage system?
- Information is backed up securely on encrypted servers.
- Accessibility can be managed via online settings.
- Cloud systems are often cheaper than the costs of physically storing and managing files.
- Its convenient to send and shared files online instead of mailing physical copies.
- Cloud systems are environmentally friendly.
- Multiple users can access the same document and work in real time.
- Documents and folder systems can be synchronised.
Who are the key persons outlined within GDPR?
Controller
The natural person or legal entity that determines the purposes and means of processing of personal data (e.g., when processing an employee’s personal data, the employer is considered to be the ‘controller’).
Processor
The natural person or legal entity that processes personal data on behalf of the controller (e.g., a call centres acting on behalf of its client) is considered to be a processor. At time, a processor is also called a third party.
If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?
- Make client aware of the risks.
- Conflict of Interest
- Letter of instruction to continue.
- Exclusivity of staff
- NDAs
- Single Communication Lines into client.
- Separate working locations
- Secure storage.
What things must companies put in place to ensure GDPR compliance?
- Raise awareness across your business.
- Audit all personal data.
- Update your privacy notice.
- Review your procedures supporting individuals’ rights.
- Identify and document your legal basis for processing personal data under GDPR.
- Review how you seek, obtain and record consent.
What are the principles of data management?
- Accuracy, consistency and reliability.
- Transparency and trust
- Accountability - data ownership
- Storage limitation
- Confidentiality
Comparable Evidence Data Searches example:
You mentioned that you researched data on platforms such as CoStar.
Other than third-party websites, how else could you check the information?
To verify the information I could check the accuracy of the data with the relevant agent. I would have to trust and rely that the surveyor was acting in accordance with the Rules of Conduct and ethically.
Portfolio Data Management example:
What is Portfolio Expert?
A web based platform to manage accountancy and property management data such as leases, inspection pro-forma’s, financial information, current and historical issues relating to the property etc.
The platform is accessible by the client, so they can see live updates on ongoing matters.
Portfolio Data Management example:
What is CoStar Real Estate Manager?
A third-party web based platform to manage and store financial and lease information, including analytical dashboards to show portfolio wide data.
