*** APC Competencies > Data Management > Flashcards

Data Management Flashcards

(70 cards)

Study These Flashcards
1
Q

What is data?

A

Data is and recorded information, usually stored by a computer.

An example of data is survey information.

An example of data is an email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How is data collected, analysed and stored within your employer’s organisation?

A

Bulk is gather via isuue of ROIs such as AINs, rental questionaires, cost questionaires etc. Information gathered by valuers on survey, recorded and stored locally. Local Council websites including planning portals. Other Assessors offices. Electoral returns. Other government departments.
By email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How is data stored?

A

Various inhouse systems, Databases such as Progress/Putty, Alpha 5, Laserfiche.

Data management systems such as Workload Manager, GIS, SAA portal, Imperago and user systems such as excel and outlook.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How is project information is stored within your employer’s organisation?

A

Data can be stored locally in files with restricted access to only those who need it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How can you ensure the security of data?

A

Laptops are password protected and screens locked when away from your desk.

2 stage authentication for access to certain data.

When sending emails make sure they are encrypted so they cannot be intercepted. There is also the Vipre system which scans our outgoing and incoming emails to check for phishing etc and prompts a further recipient check on outgoing emails.

Password protecting documents.

Reviewing who has access to folders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What legislation dictates the storage and sharing of information?

A

Data Protection Act 2018

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) which was adopted in 2016. Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is: used fairly, lawfully and transparently.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is GDPR?

A

General Data Protection Regulation (GDPR) 2018

Companies covered by the GDPR are accountable for their handling of people’s personal information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does GDPR effect your business?

A

must abide to the new GDPR rules when handling the publics personal information about the individual to ensure it can operate as it needs to but not compromise the personal data it holds on an individual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is SAR?

A

A Subject Access Request (SAR) allows an individual the ability to ask a company or organisation to provide data held about them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What should you do if you receive a request under the freedom of information act?

A

For a request to be valid under the Freedom of Information Act it must be in writing, but requesters do not have to mention the Act or direct their request to a designated member of staff. You normally have 20 working days to respond to a request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is your understanding of the term Confidentiality?

A
  • Where information is provided but is subject to confidence and not shared without permission.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is your understanding of the term Meta Data and why is this
important?

A
  • Meta Data is information about a specific piece of data.
  • For example when sharing a cost planning document, the Meta Data associated with this could consist of information about the author, the file size, the date the document was created and keywords to describe the document.
  • We must ensure that this Meta Data is afforded the same level of care as all other confidential data.
  • In a scenario where we are sharing a document or removing confidential
    components of a document we should ensure that any confidential meta data is not shared inadvertently
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is your understanding of Intellectual Property and Copyright?

A
  • This is the right to control the use and ownership of original works.
  • Work generally created by an employee usually belongs to their employer unless copyrights are put in place.
  • It is common within construction for a client to be granted license for use and reproduction of copyright material which should be clearly defined.
  • This could be the right to use a particular design by a subcontracting specialist who retains control of the original copyright.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the benefits of cloud-based storage systems?

A
  • Information is backed up securely on encrypted servers.
  • Cloud systems are often cheaper than the costs of physically storing and managing files.
  • It is convenient to send and share files online instead of mailing physical copies.
  • Cloud systems are environmentally friendly.
  • Multiple users can access the same documents.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the meaning of a non-disclosure agreement?

A
  • Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.
  • Prior to the confidential data being share with a recipient, clients will typically request that the recipient signs up to an NDA.
  • They are often used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the key Principles of the Data Protection Act 2018?

A
  • The act ensures that data is:-
    o Used fairly, lawfully and transparently.
    o Used in a way that is adequate, relevant and limited to only the purpose it is intended.
    o Is retained for no longer than is necessary.
    o Processed securely including the protection against unlawful use, loss or destruction.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are a person’s rights under the Data Protection Act?

A
  • People have the right to:-
    o To be informed about how their data is being used.
    o The right to access their data.
    o The right to have incorrect information updated.
    o To have their data erased.
    o To stop or restrict the processing of their data.
    o The right of portability.
    o To object to the use of their data.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Who are the key persons outlined within GDPR?

A
  • Controller (Assessor)
    o The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data for example when processing an employee’s personal data, the employer is considered to be the controller.
  • Processor
    o A natural person or legal entity that processes personal data on behalf of the controller for example a call centre acting on behalf of its client is considered to be a processor.
  • Data Protection Officer (DPO - Heather)
    o The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the 8 individual rights under GDPR?

A

to be informed.
access.
rectification.
erasure.
restrict processing
object
data portability.
automated decision making and profiling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Under the Freedom of Information (Scotland) Act 2002, what is the standard time limit for a public body to respond to a request?

A

20 working days from receipt of the request

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

For a notice issued under the Non-Domestic Rates (S) Act 2020, how many days does a recipient have to respond?

A

28 days, with a potential further 28-day period before civil penalties apply.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is intellectual property?

A

The right to control the use and ownership of original works, such as designs or inventions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

The ‘storage limitation’ principle of the DPA 2018 states that data should be kept for how long?

A

No longer than necessary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What legal agreement is used to protect against the disclosure of confidential information shared with a third party?

A

A Non disclosure agreement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
According to the DPA 2018 principles outlined in the notes, what does 'purpose limitation' refer to?
Data must be collected for a specific, explicit and legitimate purpose
26
Which Scottish Act gives the public a right to access recorded information held by public authorities like an Assessor's office?
The Freedom of Information (Scotland) Act 2002 (FOISA).
27
Which UK legislation, which implements GDPR, governs the processing of personal data?
The Data Protection Act 2018
28
Which Scottish Act ensures the proper management and preservation of records by public bodies, including Assessors?
The Public Records (Scotland) Act 2011
29
What does the acronym BIM stand for?
Building Information Modelling.
30
What are our responsibilities under the Data Protection Act 2018?
To ensure personal data is processed lawfully, fairly, and securely, used only for legitimate purposes, and stored only as long as necessary.
31
What does ICO stand for and what are they responsible for?
Information Commissioners Office - responsible for upholding information rights.
32
Give 3 of the 7 principles of UK GDPR
1. Fair, lawful and transparent - process in a fair way 2. Purpose limitation – data used only for specific, legitimate purpose. 3. Data minimisation - collected only for necessary purpose. 4. Accurate and up to date 5. Storage limitation - Kept per retention record 6. Integrity - Processed with appropriate security 7. Accountability – Must be able to demonstrate compliance (Section 34(3))
33
Name 3 individuals rights under UK GDPR
 To be informed  Access – most common SAR – subject access request  Rectify inaccurate information.  Erase (certain circumstances)  Restrict processing (certain circumstances)  Object to certain processing – i.e. prevent to prevent direct marketing  Prevent automated decision making.  Data portability  Claim compensation due to breach.
34
What legislation governs data management in Scotland?
The UK GDPR and Data Protection Act 2018, the Freedom of Information (Scotland) Act 2002, the Environmental Information (Scotland) Regulations 2004, and the Public Records (Scotland) Act 2011.
35
How do companies ensure compliance with the Data Protection legislation generally?
They should only retain data they need to perform their day-to-day operations. If they are retaining someone’s data they should ensure the person is kept informed and advised on why they have it. They should hold the data securely and also keep the information up to date and delete information they no longer need.
36
Who are the key persons outlined within GDPR?
The controller – The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data for example when processing an employee’s personal data, the employer is considered to be the controller. The Processor – A natural person or legal entity that processes personal data on behalf of the controller for example a call centre acting on behalf of its client is considered to be a processor. The Data Protection Officer – is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy and its implementation. Usually for over 250 staff.
37
Which of the eight individual rights under GDPR allows a person to be told how their personal data is being used?
The right to be informed.
38
What is the most common type of request made under the 'right of access' principle of GDPR?
A Subject Access Request (SAR).
39
Under GDPR, the right of an individual to have incorrect personal information updated is known as _____.
The right of rectification.
40
Under GDPR, who is the 'Controller'?
The natural person or legal entity that determines the purposes and means of processing personal data.
41
Under GDPR, who is the 'Processor'?
A natural person or legal entity that processes personal data on behalf of the controller.
42
What is published sources of data?
External, reliable, publicly available information used to support valuations
43
How long does a public body typically have to respond to a Subject Access Request (SAR)?
One month, which can be extended by two months if the request is complex.
44
Under FOISA, what is a 'non-absolute exemption'?
An exemption where the public body must apply a 'public interest test' to decide whether to disclose the information. Whether the public interest in receiving this information is stronger than the interest in not. Commercial secrets, already due for public release, endangerment.
45
Under FOISA, what is a 'absolute exemption'?
Information that is otherwise accessible, disclosure is prohibited by law, breaches confidence, or is personal data under the DPA 2018.
46
For what statutory purpose does a Scottish Assessor collect information for the Council Tax list?
For banding purposes, as required by the Local Government Finance Act 1992.
47
For what reason does the Assessor collect non domestic information?
For rating purposes, as required by the Non-Domestic Rates (Scotland) Act 2020.
48
A data breach must be reported to the Information Commissioner's Office (ICO) within what timeframe?
Within 72 hours of becoming aware of it.
49
Which policy, such as RVJB's 'Stop and Think' policy, promotes careful handling of information and IT security?
Acceptable use policy
50
What is the term for the hierarchy of evidence for rental information, from most to least reliable?
New lease - open transaction at arms length Renewals Rent Review 3rd party Sale and Leaseback Collusive
51
What does the term 'AIN' refer to in the context of a Scottish Assessor collecting information?
Assessor's Information Notice, a formal request for information under statutory powers.
52
What is the purpose of adjusting a rental figure for incentives when analysing it for valuation?
To arrive at the 'true' or 'effective' rent that reflects the market value without distortions from rent-free periods or fit-out contributions.
53
The UK GDPR principle of only collecting the data that is actually needed is called _____.
Data minimisation.
54
Which piece of legislation allows a Scottish Assessor to issue notices to collect information required for their statutory duties?
Section 7 of the Lands Valuation (Scotland) Act 1854 (as amended). AINs fron Non Domestic Rates (Scotland)Act 2020
55
For a notice issued under the Non-Domestic Rates (S) Act 2020, such as an AIN, how many days does a recipient have to respond?
28 days, with a potential further 28-day period before civil penalties apply.
56
What is the cost ceiling for staff time spent on an FOI request before a Scottish public authority can refuse it?
£600
57
What is GDPR?
GDPR is the law brought in in 2018 (2021 for UK GDPR) which governs how organisations handle personal data. it sets rules for collecting storing processing and sharing information. It aims to protect privacy and make data us transparent and accountable.
58
What are the main changes in the Data protection act from 1998 to 2018?
It gives stronger rights about how data is used Brought in tougher penalties Breaches must be report to ICO within 72 hrs Privacy Impact statements Right to be forgotten or erased
59
Tell me about BIM?
Building Information modelling is a 3D digital model of a building which holds information such as sizes, sustainabilty details. A digital process for creating, managing, and sharing information about a building throughout its lifecycle — from design and construction to operation and maintenance.
60
How did your employer change their data management practices to comply with GDPR?
Updated the information handling policy Stop and think - previously Think twice Vipre security on emails two stage authentication Have a records management plan which must be logged with Keeper of records of Scotland Heather became the DPO and host regular Information Governance training Reporting procedures Assessor is Data Controller
61
Where are house sales information collected and stored
Collected from ROS and stored in progress and alpha 5
62
Where is rental information collected and stored
Collected through rental questionaires, bulk LL info and email, stored in Laserfiche
63
Where do we collect and store property details?
Collected on survey, or from planning or details requested by email and tel call. Stored in our internal N Drive, paper copies in numbered and addressed files in filing cabinets.
64
Where do we receive planning and building warrants
Reports sent regularly (monthly) from local councils. We also have access to the planning portals. Details kept on WLM. Paper copies in TSU and on LF.
65
What legislation allows the Assessor to issue AINs?
The Lands Valuation (Scotland) Act 1854 and its subsequent updates. Folowing the Barclay Review in 2017, the Non Domestic Rates (Scotland) Act 2020 brought in 26 of the 30 recommendation from the review. No26 allowed the Assessor to issue an AIN to any person they deem as the P/T/O or for the first time anyone they deem as an "interested party" such as an agent. They have 28 to comply or face a fine, 1% of RV or £1000 if they are not already on the roll.
66
What type of information does the Assessor collect?
Any information required in order to carry out their statutory duties
67
Explain the appropriate stages that you go through when analysing rental information and the key factors that you would take into account?
* Get the files out and check the analysed area/s * Identify whether or not the rents were professionally advised * Were they new lettings/Rent Reviews/Lease Renewals (hierarchy of evidence) * Were there any incentives? (If yes, strip out) * Is it a fitted out unit? (What are the analysed rents?) * Is it FRI? (If no then adjust)
68
How would you deal with an FOI request? Is the information always provided?
I would discuss the matter with my designated FOI officer. The information is not always provided. There are exemptions in FOI related requests: * Information otherwise accessible * Disclosure prohibited by law * Personal Data (Breach of DPA)
69
What are the benefits of cloud-based storage systems?
* Information is backed up securely on encrypted servers. * Cloud systems are often cheaper than the costs of physically storing and managing files. * It is convenient to send and share files online instead of mailing physical copies. * Cloud systems are environmentally friendly. * Multiple users can access the same documents.
70
* What is the difference between deeds and registered titles?
In Scotland, deeds refer to the old paper documents recorded in the Register of Sasines, which proved ownership through a trail of legal papers but could be complex to interpret. In contrast, registered titles are part of the modern Land Register of Scotland, which provides a single, map-based title sheet showing ownership, boundaries, and rights, guaranteed by the state for accuracy and clarity.
*** APC Competencies
flashcards
Decks in class (19)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions