What measures are in place to ensure security of your electronic data?
It is stored on a hard drive which is password protected.
How do you store legal information in your office? How is this updated?
In the dealroom and on EFS – solicitors add new leases as and when.
Tell me about a report which you have prepared using a property information system?
Client monthly report. We extract arrears, tenancy schedules, lease events and health and safety risks.
What are the main principles of the Data Protection Act 1998 and the Freedom of Information Act 2000?
DPA – Act of Parliament of the UK, the aim is to protect personal data. Cannot use the data in a way which would cause damage/distress. Info must be made available to them within 21 days of request. Must be processed fairly and kept up to date.
FoIA – Act of Parliament that creates a public right of access to info held by public authorities e.g. NHS and schools.
What is encryption and firewalling?
Encryption is the process of encoding information in a way that only authorised people can read it.
Firewalling prevents unauthorised access to or from a private network.
How do you store legal information in your office? How is this updated?
Stored on a secure G:Drive and in hardcopy format in a labelled file. If for instance we are looking at acquiring a asset or we are disposing of an asset we would typically either have our IT department set up a secure extranet site with password and username, or have one set up by the lawyers. That was all the documentation is safely secured and can be accessed as and when it is needed.
What are the main principles of the Freedom of Information Act 2000?
It was fully implemented in 2005
The Freedom of Information Act gives individuals and organisations the right to see what information is held about them from any public authority.
All public authorities or companies owned by public authorities have obligations under the Act that when responding to requests, they have to follow a number of set procedures and provide the information in the requested format within 20 working days.
What are the exemptions of the Freedom of Information Act 2000?
- Opposing to the GDPR requirements
- It would be prejudice a criminal matter under investigation
- It would prejudice a personal / organisation’s commercial interest
What do you do once you have finished an instruction?
We have a file checklist which is in line with my firm’s Best Practice procedures. I will then prepare the file which is signed off by a partner, or whoever is leading the instruction and will be logged on a system and sent to archives. It is important that we keep records of all our files in case of any negligence claims in the future or any further involvement with the asset in the future. It is important to keep a detailed email trail.
Where would you obtain Title Documents?
You would get them from the Land Registry.
What is land registry?
The Land Registry can supply on request and a small payment a copy of the official register of title to the registered property or land in the UK.
What is on a Title Document?
- Address of the property
- Who owns the property or land
- The address of the owner
- The price paid / value states information if sold since April 2000.
- The boundaries of the site (shown on a title plan)
- Any restrictive covenants
- Any rights of way over the land.
What is the General Data Protection Regulation 2016 (GDPR) / Data Protection Act 2018?
- The Data Protection Act 2018 is the UK’s implementation of the GDPR
- The Act is a complete data protection system so as well as governing personal data covered by GDPR, it covers all the other general data as previously covered by the 1998 Act
- GDPR represents the largest change in data protection law across the EU to include the UK
- It came into force on 25th May 2018 and has replaced the Data Protection Act 1998
- It relates to personal data
- The act keeps principles of the DPA 98 but the obligations are more perspective and penalties greater
- It aims to create a single data protection regime for anyone doing business in the EU
- It empowers individuals to take control of how their data is being used by third parties
- It gives people stronger rights as to how their personal information is used
What are the key requirements of the General Data Protection Regulation 2018 / Data Protection Act 2018?
- An obligation to conduct data protection impact assessments for high risk holding of data
- New rights for individuals to access to information on what personal data is held and to have it erased
- A data controller decided how and why personal data is processed and is directly responsible for GDPR
- A new principle of ‘Data accountability’ ensuring that organisations must prove to the Information Commissioner’s Office (ICO) how to comply with new regulations
- Data security breaches must be reported to the ICO within 72 hours where there is a loss of personal data and risk of harm to individuals
- An increase of fines up to 4% global turnover of the company or 20 million euros (whichever is greater)
- Policed by the ICO
What are the principles of the of the General Data Protection Regulation 2018 / Data Protection Act 2018?
Per Article 5(1), principles relating to the storage of personal data states that data must;
* Processed lawfully, fairly and in a transparent manner to individuals;
* Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
* Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they to be accessed
* Accurate and where necessary kept up to date
* Every reasonable step taken to ensure that inaccurate personal data are erased or rectified without further delay- having regard for the purpose for which they are processed
* Kept in a form which permits identification of data subject for no longer than necessary
* Processed in a manner that ensures appropriate security- protection against unlawful processing and accidental loss, destruction or damage using appropriate technical or organisational measures
* Article 5(2)- the controller shall be responsible for, and able to demonstrate compliance with these principles
What are the 8 individual rights under GDPR?
1) Right to be informed
2) Right of access
3) Right to rectification
4) Right to erasure
5) Right to restrict processing
6) Right to data portability (to use for their purposes)
7) Right to object
8) Rights to automated decision making and profiling (as undertaken by insurance companies)
What is a non-disclosure agreement and how does it work?
An NDA is a legal contract. It sets out how you share information or ideas in confidence. Sometimes people call NDAs confidentiality agreements and could be requested when dealing with investors, stockists and manufactures.
Without an NDA, you are taking the risk that others could use your ideas or information without your permission.
An NDA is a legally enforceable contract, therefore when a party breaches it you can claim rights due to a breach of contract. These rights are usually set out in the NDA itself and may include either damages for loss or a court order. Furthermore, you may need to take practical steps to rectify the situation. If an employee was the one who breached the NDA, they may have their contract terminated.
Data Protection Act 1988
The act related to the processing and storage of personal data and it places the obligations on the organisations that store the data to make sure that it stored safely. The Information Commissioner is responsible for enforcing the Act.
Any organisation that wants to store personal data must inform the Information Commissioner and register which costs £35.00 per annum. It is a criminal offence punishable by an unlimited fine to store personal data without registering.
There are EIGHT principles for storing personal data electronically
- Processed fairly
- Adequate and relevant to the purpose for which it is held
- Processed for the relevant purposes
- Processed in line with the data subject’s rights
- Accurate and up to date
- Held for no longer than necessary
- Not to be transferred to countries that don’t have similar data protection laws as UK
- Kept securely
Freedom of Information Act 2000
It was fully implemented in 2005
The Freedom of Information Act gives individuals and organisations the right to see what information is held about them from any public authority.
All public authorities or companies owned by public authorities have obligations under the Act that when responding to requests, they have to follow a number of set procedures and provide the information in the requested format within 20 working days.
Copyright
- This is a set of exclusive rights which are granted to the author or creator of some original work or information, including the right to copy. These rights can be assigned, transferred, licenced or sold.
- It is the ownership rights to copy over something.
- Controlling access/security/confidentiality
- Lack of proper access control makes it difficult or impossible to ensure that sensitive data is available only to those who are authorised to access it.
- This could lead to risk of inadvertently disclosing of proprietary information or confidential client information
