DATA MANAGEMENT

Question 1

What is your understanding of the term Confidentiality?

Answer 1

• Where information is provided but is subject to confidence and not to be shared without permission.

Question 2

What is Meta Data? Give examples

Answer 2

• Meta Data is information about a specific piece of data.
• Eg file size, creation date and author

Question 3

What is your understanding of Intellectual Property and Copyright?

Answer 3

• IP
• This is a set of rights to control the use and ownership of original works.
• Copyright
• Type of IP that specifically protects the a piece of work and the rights to copy or use it
• Work generally created by an employee usually belongs to their employer unless copyrights are put in place.

Question 4

What is the Freedom of Information Act 2000?

Answer 4

• Primary UK legislation that controls the access to official information.
• Act permits the public right of access to information held by public authorities.
• Information must also be published through the public authorities’ publication scheme.
• The act covers all information held and not just since the act
• enacted in 2000 and brought into effect in 2005

Question 5

What are the benefits of cloud-based storage systems?

Answer 5

• Information is backed up securely on encrypted servers.
• Accessibility can be managed via online settings.
• Often cheaper than physically storing and managing files.
• Convenient to send and share files online
• Multiple users can access the same documents.
• Documents and folder systems can be synchronized

Question 6

What is NDA?

Answer 6

• Non-Disclosure Agreement
• Legal contract between at least two parties that outlines confidential material, to protect against the disclosure or sharing of any confidential data.
• Used by clients to make sure commercially sensitive information is not shared

Question 7

If two separate departments within your firm were working for two rival companies how would you ensure client sensitive data was managed?

Answer 7

• Make the client aware of the risks involved and check their understanding of the conflict of interest.
• Ensure informed consent was obtained
• Exclusivity of staff would be arranged.
• Use of NDA’s would be considered.
• Separate working locations
• Secure document and data storage would be arranged
• Dedicates servers
• Restricted access to certain folders on the system

Question 8

What is the Data Protection Act 2018?

What does it aim to create? What right does it give people?

Answer 8

• UK’s implementation of the General Data Protection Regulation 2016 (GDPR)
• Aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties.
• It gives people the right to be informed about how their personal information is used.

Question 9

What are the key Principles of the Data Protection Act 2018? Ensures data is …

Answer 9

• The act ensures that data is:-
  o Used fairly, lawfully and transparently.
  o Used in a way that is adequate, relevant and limited to only the purpose it is intended.
  o Is retained for no longer than is necessary.
  o Processed securely including the protection against unlawful use, loss or destruction.
  -

Question 10

Who are the key persons outlined within GDPR? X3

Answer 10

• Controller
• The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data
• EG when processing an employee’s personal data, the employer is considered to be the controller.
• Processor
• A person or legal entity that processes personal data on behalf of the controller
• EG a call centre acting on behalf of its client is considered to be a processor.
• Data Protection Officer (DPO)
• The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.

Question 11

What are the 8 individual/ personal rights under GDPR?

Answer 11

• The right to be informed.
• The right of access.
• The right of rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• Rights of automated decision making and profiling.

Question 12

What different sources of data do you use in your day-to-day surveying?

Answer 12

• Valuation data.
• Comparable Data
• Personal Data
• Planning Data
• Land Registy Data

Question 13

How do companies ensure compliance with the Data Protection legislation generally?

Answer 13

• Only retain data they need to perform their day-to-day operations.
• If retaining someone’s data they should ensure the person is kept informed and advised on why they have it.
• Hold the data securely.
• Keep the information up to date and delete information no longer need

Question 14

Can you share information obtained from Land Registry?

Answer 14

• Yes, this is a publicly accessible source of data

Question 15

How can you secure data?

Answer 15

• Firewalls
• Password
• Disk Encryption
• Secure device
• Backup data
• Two-step verification

Question 16

What do you understand to be personal data?

Answer 16

• Personal data
• Data that relates to an identified or identifiable individuals.
• Includes name, IP address, address, date of birth, etc.
• This is applicable to me when collecting details of intrested parties on L&L and P&S instructions

Question 17

What is a AVM? And what does it do?

Answer 17

• Automates valuation model.
• It combines mathematical modelling and a database to provide property valuations.

Question 18

Under the Freedom of Information Act 2000, how are requests made? And how long to respond?

Answer 18

• Requests must be made in writing.
• 20 days to respond.

Question 19

Who does GDPR apply to?

Answer 19

• Data controllers and processors

Question 20

How long do you have to report a data breach to the ICO? And what does ICO stand for?

Answer 20

• 72 hours
• Information Commissioner’s Office

Question 21

If you left your laptop with sensitive clients’ information on a train what steps would you take in house and with your client?

Answer 21

• Immediately notify my IT department.
• Report to the police.
• Notify my client of the incident and what my IT department has done to encrypt the data, etc.

Question 22

What is a technical library and how are they used?

Answer 22

• A digital library maintained by a company containing project documentation.

Question 23

What challenges did Covid bringing to Data Management?

Answer 23

• Training people to use digital libraries and document storage facilities

Question 24

Under the Freedom of information Act 2000 what are the grounds of refusal? Who is responsible for regulating and enforcing?

Answer 24

• The Act gives everyone a legal right to see information held by public bodies (elected members, council employees, any person handling data on behalf of the council including consultants, volunteers, contractors and suppliers).
• Council can refuse to provide information if:
  o It would cost too much or take too much staff time to deal with request
  o The request is vexatious
  o Repeat request
  o Meets an exemption under the Act - EG court proceedings or information provided in confidence
  o The information constitutes personal data about its employees
• The Information Commissioner’s Office (ICO) is responsible for regulating and enforcing the Act.

Question 25

What are the two types of data regularly used and where is it stored?

Answer 25

* Personal data - held in a secure file location * Technical data - held on a central project data base

Question 26

What data is affected by GDPR?

Answer 26

* Personal data * sensitive data * electronic data * manual data

Question 27

What are the external sources of cost data?

Answer 27

* SPONS * BCIS

Question 28

Why do some people not trust benchmarking?

Answer 28

* Using old data that is not live to the market, just updated

Question 29

What is big data?

Answer 29

* Big data is the term used to describe the collection of data and analysis to produce a useful output.

Question 30

Can you name any sources of data run by RICS? And what is it?

Answer 30

* BCIS * Building Cost Information Service * Database of construction costs and indices which is populated by the users

Question 31

What date was UK GDPR introduced?

Answer 31

* 2020

Question 32

Can you name any RICS Guidance on data?

Answer 32

* RICS Use of Social Media guidance for members June 2021

Question 33

What is GDPR? Who introduced it?

Answer 33

* General Data Protection Regulation * It is a legal framework that sets guidelines for the collection and processing of personal information * Introduced by the EU

Question 34

What type of data does GDPR concern? * What does it aim to create? * What rights does it give people? * Who does it apply to?

Answer 34

* Relates to personal Data * Aims to create a single Data Protection regime for anyone doing business in the EU and to empower individuals to take control of how their Data Is used by third parties * Gives people stronger rights to be informed about how their personal information Is used * Applies to 'controllers' and 'processors'. * Controller = determines the purposes and means of processing personal data. * Processor = responsible for processing personal data on behalf of a controller.

Question 35

Under GDPR what grounds must be identified? * Limited to? * How long must you keep it for?

Answer 35

* You must identify valid grounds under the GDPR (known as a 'lawful basis') for collecting and using personal data * limited to what is necessary - you do not hold more than you need for that purpose. * You must not keep personal data for longer than you need it

Question 36

How long do you need to keep data for?

Answer 36

* 6 years - if the contract is signed underhand * 12 years - if the contract is signed as a deed * However: * 15 years - recommended time as this is the maximum length of time a claim can be made against professional negligence

Question 37

How do your store data in your organisation?

Answer 37

* Cloud storage systems - OneDrive

Question 38

How does your company ensure compliance with the Data Protection Regulations generally?

Answer 38

* Only retain data that is needed to perform day-to-day operations. * Ensure the person is kept informed as to why they have it. * They hold data securely.

Question 39

Comparable Evidence Databases - what have you used for? where is the info from? What is important regarding this?

Answer 39

* Complied comparable evidence schedules for rent reviews, lease renewals, sales and disposals, and valuations * Obtain info from databases such as CoStar and Radius - combination of land registry data and User generated data * Confirm this information where possible

Question 40

when have you used Land Registry?

Answer 40

I download leases, title plans and title deeds from the land registry

Question 41

GMW Website - what legislation does it adhere to and how?

Answer 41

We adhere to the GDPR and the Data Protection Act 2018 as people must enter themselves onto the database, as individuals must give their consent to be on databases.

Question 42

What makes information sensitive?

Answer 42

* Confidentiality- Personal data, financial details, propriety info * Privacy concerns- personal safety risk * Commercial or competitive value- Business info that could harm an organisation's position or operations if leaked. * Security risk- passwords, sensitive gov or military info

Question 43

What would you do if you accidentally send out personal details to another applicant?

Answer 43

* Call/follow up email telling them to delete the information without opening it * Inform the Data Handeling Officer (who may inform ICO within 72 hours), * Let the person whose data was breached know

Question 44

What are the elements of a Non-Disclosure Agreement (NDA)?

Answer 44

* Identification of the parties * Definition of what Is deemed to be confidential * Scope of the Confidentiality obligation by the receiving party * Exclusions from confidential treatment * Length of term of the agreement

Question 45

What does Crown Copyright cover? Give examples

Answer 45

* All materials created and prepared by the Government * EG - Laws, public records, official press releases and OS mapping

Question 46

What are the RICS Data Standards, 2018? What issue do they address?

Answer 46

* Set of standards to support the capture, verification and Sharing of Data in a common format * Address issues of digital data consistency

Question 47

How do you manage sources of information for compliance?

Answer 47

* Ensure confidentiality under NDA * Use secure document storage * Lock computer when away * Obtain written permission for sharing non-public information

Question 48

What should a surveyor do if they accidentally find out confidential information about a non-client?

Answer 48

Inform the client and sender, and record the matter in a note to the firm's compliance officer

Question 49

What is your understanding of the term Confidentiality?

Answer 49

* Confidentiality is where information is protected from unauthorised access or disclosure. * Agreements such as NDA can ensure that sensitive data can only be accessed by those who are authorised to do so. * They restrict who can view information and prevent it from being accessed or shared