Why is it important to verify data and how do you do it?
Important to understand where data comes from and its reliability. Verify against another source through data triangulation.
Who is CBRE’s data officer?
Charlie Parker
How to prevent data attacks?
Effective data storage and security
What are some of the different types of data attacks?
Cyberattack, phishing, ransomware and trojan
What is a cyberattack?
A malicious attempt to access, damage or steal data to cause financial harm or gain control of a system.
What is phishing?
Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, in an attempt to get you to reveal sensitive data or download malware.
What is ransomware?
Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption.
What is a trojan?
A trojan is a type of malware disguised as legitimate software to trick users into installing it. Trojans don’t replicate or infect other files as viruses or worms do.
What are some different ways to secure data?
Disk encryption, regular backups offsite, cloud storage, password protection, firewall, anti-virus software protection, multi-factor authentication and virtual private networks.
What is disk encryption?
Disk encryption is the process of converting readable data into an unreadable format. It encrypts the entire contents of a device’s inbuilt storage, which is only decrypted when the user accesses the device.
What are regular backups off site?
Regular backups off site are the replication of data to a secondary location.
What is cloud storage?
Cloud storage is saving and accessing data on remote internet servers rather than on local hardware. It is environmentally friendly, multiple users can access the same document, and folders are synchronised across devices.
What is password protection?
Protecting files using a password to prevent unauthorised access.
What is a firewall?
A firewall provides a protective barrier between internal and external networks. It filters data using specific security rules and can be hardware, software or both. Proactive.
What is anti-virus software protection?
Anti-virus software protection identifies, isolates, and destroys malicious software. Software based. Needs to be regularly updated. Reactive.
What is multi-factor authentication?
Multi-factor authentication combines passwords with one-time passwords.
What is a virtual private network?
Virtual private networks encrypt internet connections to ensure secure remote access.
What is copyright? What is the legislation?
What is the aim of the Data Protection Act (2018)?
Who polices the Data Protection Act (2018)? What are some of the fines etc.?
The ‘Regulation and Enforcement’ area ensures the Information Commissioner’s Office (ICO) has powers to enforce regulations.
Data security breaches need to be reported to the ICO within 72 hours with details.
Obligation to conduct a data protection impact assessment for high-risk holding of data.
Firms must have data accountability, so they can prove to the ICO how they comply.
Fines 4% of global turnover.
What are the principles of the Data Protection Act (2018)?
Principles, data should be:
1) Handled in lawful, transparent and fair manner
2) Gathered and stored for specific purpose, not ‘just in case’
3) Not including excessive/unnecessary details
4) Accurate and up-to-date
5) Not kept longer than needed
6) Sensitive information should maintain confidentiality
What are the 8 individual rights under the UK General Data Protection Regulation (GDPR)?
1) To be informed – collection, use and purpose
2) To access – copy of data
3) To rectification – inaccurate data updated
4) To erasure – deleted
5) To restrict processing
6) To data portability – obtain and reuse data for own purpose
7) To object
8) To automated decision making and profiling – not to be subject to a decision based solely on automated processing
What is the new piece of data legislation? What are some of the things it covers?
Data (Use and Access) Act 2025
- Clarification on subject access requests, when individuals request access and receive a copy of their data: only reasonable and proportionate searches are necessary, with a ‘stop the clock’ rule if more information is needed from the requester.
- Complaints procedure regarding use of personal data: electronic complaint form and acknowledgement within 30 days.
- Child data protection: if a service is likely to be used by children, how to use their data.
What is the Freedom of Information Act 2000?
Controls access to official information
- The public have a right to access information held by public bodies, without a reason
- Information can include emails, files, recordings or physical documents
- 23 exceptions listed, including royal family communications and information that could prejudice commercial interests.
- The authority will confirm in writing if they have any information on you and have to provide it in 20 working days. Cost of postage not included.