Data Management

Question 1

All data sources need to be what?

Answer 1

Verified
Accurate
Up to date
Reliable

Question 2

What are the five principles of better regulation?

Answer 2

The five principles are:
1. Proportionality
2. Accountability
3. Consistency
4. Transparency
5. Targeting

PACTT

Question 3

What regulation governs laws on data protection and privacy?

Answer 3

UK General Data Protection Regulation 2020

Question 4

What is the DPA 2018?

Answer 4

Data Protection Act 2018 (replaced DPA 1998)

Controls how personal information is used by organisations, businesses or government

Designed to protect personally identifiable information

UKs implementation of General Data Protection Regulations (GDPR)

Question 5

DPA - What are the key principles of DPA 2018?

Answer 5

The act ensures that data is:

1. used fairly, lawfully and transparently
2. used in a way that is adequate, relevant and limited to only the purpose it is intended
3. is retained for no longer than is necessary
4. processed securely including the protection against unlawful use, loss or destruction

Question 6

DPA - Tell me about DPA 2018?

Answer 6

Controls how your personal information is used by organisations, businesses or the government

Everyone responsible for using personal data has to follow strict rules called ‘Data Protection Principles’ also known as PACKAP

Consumer rights (ACCEP)

Question 7

DPA - Tell me about the 7 principles of DPA?

Answer 7

Information held must be:

1. Secure
2. Fairly and lawfully processed for relevant purposes
3. Accurate and up-to-date
4. Not kept longer than necessary
5. Not given to 3rd parties
6. Disposed of securely
7. Processed in line with the data subject’s rights

Question 8

DPA - Who has to comply with DPA principles?

Answer 8

Everyone responsible for using personal data

Question 9

DPA - What are a persons rights under the DPA 2018?

Answer 9

People have the right to:
1. To be informed about how their data is being used
2. The right to access their data
3. The right to have incorrect information updated
4. To have their data erased
5. To stop or restrict the processing of their data
6. The right of portability
7. To object to the use of their data
8. Right to automated decision making and profiling

Question 10

Tell me about GDPR?

Answer 10

Following Brexit, the UK GDPR 2020 was introduced (General Data Protection Regulation)

This sets out the main responsibilities for organisations using, storing and handling personal data

Article 5 sets out consumer rights

Question 11

GDPR - What are the GDPR consumer rights?

Answer 11

A - access
C - consent
C - correction
E - erasure
P - data portability

Question 12

GDPR - What are the 7 principles of GDPR?

Answer 12

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 13

GDPR - What are the 8 individual rights under GDPR?

Answer 13

1. To be informed
2. To access
3. To rectify
4. To restrict processing
5. Data portability
6. To object
7. To automate decision making and profiling
8. To erasure

Question 14

GDPR - What role must firms have under GDPR?

Answer 14

Data Protection Officer - Role exists within companies that process the personal data of EU citizens

Question 15

GDPR - How does GDPR apply to the VOA?

Answer 15

The right to correct is something we actively do in the Check stage and in the FOR where personal data is explicitly collected

Question 16

GDPR - Who are the key persons outlined within GDPR?

Answer 16

Controller - person that determines the purpose and means of processing personal data e.g. employer

Processor - person that processes personal data on behalf of the controller e.g. call centres acting on behalf of its client

Data Protection Officer - leadership role required by EU GDPR (responsible for overseeing data protection approach, strategy and implementation)

Question 17

GDPR - What should companies put in place to ensure GDPR compliance?

Answer 17

Raise awareness across the business

Audit personal data

Review procedures supporting individual rights

Identify and document the legal basis for processing personal data under GDPR

Train staff and give them the information

Question 18

GDPR - What are the 3 principles of GDPR and DPA 2018?

Answer 18

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation

Question 19

GDPR - Exemptions?

Answer 19

Domestic use
Law enforcement
Intelligent services

Question 20

How do you comply with UKGDPR and DPA 2018 in your role?

Answer 20

I am aware of different types of information we hold

I complete relevant training on understanding UK GDPR and DPA

I store data in the appropriate locations

I use appropriate document markings when storing and sharing information (official-sensitive)

I use secure information sharing i.e. outlook rather than teams

Question 21

What is the max GDPR fine set by UK GDPR and DPA 2018?

Answer 21

£20m euros (£17.5m) or 4% of annual global turnover (whichever is highest)

Could also face criminal charges

Question 22

How are DPA and GDPR different?

Answer 22

GDPR relates to personal data whereas data protection relates to all data

Question 23

What is the Freedom of Information Act 2000?

Answer 23

Gives individuals the right of access to information held by public bodies

The public body must tell any individuals requesting sight of the information whether it holds that information

Must be supplied within 20 working days in the format required

Can be charged for the provision of the information

Question 24

FOI - What is essential to understand regarding the Freedom of Information Act 2000?

Answer 24

It is essential to understand the rights of individuals to request the information which we hold on them.

Question 25

FOI - How do FOI 2000 requests work?

Answer 25

1. Must be in writing 2. Information must not be exempt 3. Check it includes the requesters name, address and clearly describes the information wanted 4. Forward request to FOI inbox team

Question 26

FOI - Exceptions in the FOI Act 2000?

Answer 26

Personal data National security Information held by the VOA for its functions that either directly identifies a person or enables their identity to be deduced from it, is exempt from disclosure under S44 FOI Act 2000 as it is prohibited by S23 CRCA 2005

Question 27

FOI - 2 ways FOI provides the public with access to information held by public authorities?

Answer 27

1. Public authorities obliged to publish certain information about their activities 2. Members of the public are entitled to request information from public authorities

Question 28

FOI - When can it be refused?

Answer 28

Too costly Prejudice a criminal matter If a repeat request

Question 29

What is personal data?

Answer 29

Any information which is related to an identified or identifiable person

Question 30

What are some punishments for data offences?

Answer 30

Warnings Temp or permanent ban on data processing Restriction or erasure of data Suspend data transfers to 3rd party countries

Question 31

What security measures can you use to protect data?

Answer 31

Password Security markings Physically locking storage units Encryption firewalls 2 factor authentication

Question 32

What are encryption, firewalls and blockchain?

Answer 32

E - securing data by encoding it mathematically so it can only be read or destroyed by those with the correct key or cipher F - network security device that monitors traffic to/from your network, it allows/blocks traffic based on a set of security rules B - digitally distributed, decentralised public ledger that exists across a network

Question 33

What best practice would you encourage in terms of managing data?

Answer 33

Cross ref computer with hard copy Back up IT systems Write once, read many times Keep an audit trail Ensure electronic signature cannot be altered (PDF not Word)

Question 34

How do you process and handle confidential information?

Answer 34

Do not print what I do not need to Ensure appropriate saving with correct naming convention applied Don't leave computer unlocked or unattended

Question 35

How do you extract data from a source regularly used in your role?

Answer 35

Internal database - CDB for rental and sales info Set parameters for data to refine prior to download Use filters on excel to refine the data to what I need

Question 36

What is an EDMS?

Answer 36

Electronic Document Management System Software package designed to manage electronic information and records within an organisations workflow Allows a use to manage the creation, storage and control of records while allowing others to access and edit documents

Question 37

What type of documents can electronic signatures be used for?

Answer 37

To replace handwritten signatures in virtually every personal or business process (contracts, application form and non-disclosure agreements)

Question 38

Are electronic signatures accepted by the Land Registry?

Answer 38

Yes - under English law a deed can be validly signed and witnessed using an electronic signature platform e.g. docu sign e signature Documents that can be electronically signed: Legal documents Contractual agreements Invoices Financing documents

Question 39

How do you validate information?

Answer 39

Cross check with another source Call to get further information/confirm details Adopt a common sense approach

Question 40

What are the pros/cons of primary data?

Answer 40

Pros - specific to needs, greater control, more up to date and may be more accurate Cons - expensive and time consuming

Question 41

What are the pros/cons of secondary data?

Answer 41

Pros - easily accessible, affordable and less time consuming Cons - may lack reliability, may be outdated, may have to deal with irrelevant data before finding suitable data

Question 42

What regulations cover sharing data?

Answer 42

CRCA 2005 The Commissioners of Revenue and Customs Act (CRCA) 2005 is the Act of Parliament that created HM Revenue and Customs (HMRC) in April 2005. The Act also puts those functions formerly undertaken by the Valuation Office Agency in respect of the valuation of property on a statutory footing specifically referring to the Valuation Office Agency (VOA) in section 10.

Question 43

Where are the functions of the VOA stored?

Answer 43

Schedule 1 Section 7 and Section 10 of CRCA

Question 44

CRCA - You shared FOR details with an agent, did you have permission to do so?

Answer 44

Yes - VOA is subject to the Commissioners for Revenue and Customs Act 2005 This covers the confidentiality of information held by the VOA and when it is lawful to disclose that information VOA can disclose in limited circumstances including legislative gateways/consent Section 18 (2) and (3) allows sharing of data so long as it is reasonable and proportionate to do so BAs treat information from VOA as confidential even if the information sharing agreement is terminated

Question 45

CRCA - What section presents personally identifiable information?

Answer 45

Section 18 - disclosure

Question 46

CRCA - What is Section 7 CRCA 2005?

Answer 46

Sets out the VOAs functions: Compilation and maintenance of rating lists and council tax lists Valuation of property

Question 47

CRCA - What is Section 10 CRCA 2005?

Answer 47

Allows the VOA to provide a valuation of property: For any purpose relating to its function At the request of a public authority Allows VOA to provide a valuation of property; § For any purpose relating to the functions of HMRC, [being for Rating Lists and Council Tax Valuation lists, or HMRC functions such as Inheritance Tax]; § At the request of a public authority [allowing for Property Services to undertake work for other public bodies]; § At the request of any other person, if the valuation is necessary or expedient, in connection with: · (i) the exercise of a function of a public nature; or · (ii) the management of money or assets received from a person, exercising functions of a public nature; § To advise about matters connected to the valuation of property [this is the test against which VOA determines the work it can do].

Question 48

CRCA - What does section 17 refer to?

Answer 48

allows sharing of information held for one function with another function (within HMRC and VOA)

Question 49

CRCA - What is Section 18 CRCA 2005?

Answer 49

Section 18 refers to confidentiality and disclosure, outlining conditions under which Revenue & Customs officials may disclose information. Sets out where information can be disclosed Do not disclose HMRC information unless: 1. It is essential for one of our functions 2. It is allowed by specific legislation 3. It is with consent of the customer 4. It is in the course of civil proceedings 5. Where disclosure is in public interest

Question 50

CRCA - What does section 19 refer to?

Answer 50

it is a criminal offence for VOA officers to disclose VOA information that either identifies a legal person or enables their identity to be deduced when it is not covered by the circumstances set out in section 18

Question 51

CRCA - What do sections 20 and 21 refer to?

Answer 51

covers when information can be disclosed where it is either in the public interest or is to a prosecuting authority.

Question 52

CRCA - What do sections 22 and 23 refer to?

Answer 52

relates to the rights to information under GDPR and FOIA and set out how these requests should be treated

Question 53

CRCA - What must you ensure regarding section 18 to section 23 of the Commissioners for Revenue and Customs Act 2005?

Answer 53

You must ensure you are aware of the implications when considering disclosure about taxpayers and our clients.

Question 54

CRCA - When would you disclose info about customers to 3rd parties?

Answer 54

In line with CRCA 2005: - If essential to functions - In line with legislation - Consent - Civil proceedings For example, law allows us to disclose rental information when dealing with a rating challenge and the appellant can request rental info proportionate to ours

Question 55

CRCA - Why must personally identifiable information be redacted in accordance with CRCA?

Answer 55

Only relevant information required to perform function of HMRC Bound by GDPR

Question 56

CRCA - What is the max prison time for wrongful disclosure under CRCA?

Answer 56

2 years

Question 57

CRCA - If you worked in private practice, would your considerations differ (i.e. CRCA)?

Answer 57

No CRCA but would handle client data to aid your organisation but still comply with DPA and GDPR

Question 58

CRCA - Name a type of security as laid out in the VOAs arrangement in complying with CRCA 2005?

Answer 58

Physical security: Access control - all VOA staff and visitors require passes for access to premises Secure storage - sensitive data is stored in secure environments, including locked security cabinets Strict access control - access to classified statistical data is strictly controlled in line with the VOAs security policy Technical security Organisational security Disclosure security

Question 59

How do you deal with someone requesting to access their own personal information?

Answer 59

Deadline of 1 month to respond to request Forward to subject access request (SRA) inbox immediately If part of an outstanding case, would consider if it can be dealt with more appropriately as business as usual under CRCA Verbal request for property information cannot always be answered verbally - may require verification of the persons link to the property before deciding to disclose

Question 60

What is a SAR?

Answer 60

The right of access, gives individuals the right to obtain a copy of their personal data from you, as well as other supplementary information

Question 61

What does a SAR entitle an individual to obtain?

Answer 61

Confirmation that you are processing their personal data A copy of their personal data Other supplementary information

Question 62

Can other colleagues access information you are working on?

Answer 62

Not if they are on a different team

Question 63

How long does VOA keep information and how is it disposed of?

Answer 63

Min of 6 years VOA has a team who deals with erasure and data disposal

Question 64

What are the benefits of a cloud based system?

Answer 64

Information is backed up by encrypted servers Accessibility can be managed via online settings Cheaper than physically storing and managing files More convenient to send and share files Environmentally friendly Multiple users can access the same document at the same time

Question 65

What is disclosure?

Answer 65

Sharing information with others Before sharing info you must be sure you have the right to disclose it and the person requesting it has the right to receive it

Question 66

What is a NDA?

Answer 66

Used to protect against the disclosure or sharing of any confidential data Prior to information being shared clients will typically request that the recipient signs up to an NDA Often used to prevent confidential or sensitive property information being used or talked about by competitors

Question 67

If 2 departments within your firm were working for rival companies, how would you manage sensitive data?

Answer 67

Make the clients aware of risks Conflict of interest Informed consent Keep staff exclusively in one team NDAs Separate working locations Use secure document systems with access restrictions

Question 68

What personal and confidential information does you organisation hold?

Answer 68

Personal data relating to VOA employees Emails containing sensitive or confidential information Customer correspondence received in confidence Customer records Property information Contractual information relating to past, present or future companies

Question 69

What is Copyright?

Answer 69

It is exclusive and assignable legal rights given to the originator for a fixed number of years to print, publish, perform, film or record literacy, artistic or musical material

Question 70

What is Intellectual Property & can it be transferred?

Answer 70

It is intangible property that is the result of creativity, such as patents, copyrights etc Yes - through written agreement, it should clearly state the details of the transfer including specific IP rights being transferred, parties involved and conditions/limitations

Question 71

What is the Limitation Act 1980?

Answer 71

Section of UK law that sets out rules for how long someone can take legal action to recover money they are owed Only applies when no contract has been made between the creditor and debtor within the given time limit and only applies to residents of England and Wales

Question 72

LA - Tell me about the retention of files under LA 1980?

Answer 72

Files kept for 6 years: Personal injury Crime Debt collection County court litigation Immigration Files kept for 15 years: Sales of leasehold properties Residential property purchases Property sales Probate financial services Files kept for longer than 15 years: Name change Wills Pension schemes IP Company formation

Question 73

What is the difference between a deed and a registered title?

Answer 73

Deed - the physical document that proves ownership Title - concept of legal ownership that the deed grants

Question 74

How can you protect data from viruses?

Answer 74

Keep systems, browsers and important apps up to date Antivirus software Anti-spy software Firewalls Strong passwords Be cautious of phishing emails

Question 75

What is AVM?

Answer 75

Automated Valuation Model RICS definition 'using one or more mathematical techniques to provide an estimate of value of a specified property at a specified date, accompanied by a measure of confidence in the result, without human interaction post-initiation

Question 76

AVM - Explain the growing use of AVM in the industry?

Answer 76

They are increasingly being used as an input to the valuation process or as a second opinion Examples of funds being valued using an internal AVM, with a human valuer reviewing and providing assurance in their roles as an external, independent valuer e.g. Rightmove or Home track (used by Zoopla)

Question 77

What does TARGETING mean in Principles of Better Regulation?

Answer 77

TARGETING means regulation should focus on the problem and minimize side effects.

Question 78

AVM - What is an AVM?

Answer 78

Put simply, a market valuation produced through mathematical modelling Based on market analysis of location, market conditions and real estate characteristics

Question 79

AVM - What is your view on the use of AI/AVM in property valuation?

Answer 79

It has potential to offer greater accuracy and efficiency in carrying out valuations AI algorithms are able to evaluate other comparable properties and pinpoint an estimated valuation Drawback: Site specific abnormal factors such as property condition and special values cannot be considered Susceptibility to a reliance on bad data which can reduce the accuracy of the inputs Can provide access to a wide array of data and greater efficiencies when used as a data collection and processing tool Critical to have significant input from a human appraiser standpoint in order to undergo rigorous checks and due diligence

Question 80

AVM - Have the RICS considered the use of AVM recently?

Answer 80

Yes - RICS Harris Debate 2024 This is organised annually and provides a platform to address ethical concerns in the field of surveying and valuation Focussed on the theme of ethics in the age of AI and its impact on valuation practice

Question 81

AVM - What are the ethical implications of adopting AI/AVM in property valuations?

Answer 81

Rely on data and if this is inaccurate, incomplete or intentionally weighted following bias data input, this dramatically skews results Issues with transparency of data input and analysis with operators of AI not always fully cognisant of how the results have been generated Creators cannot fully explain how decisions are made so valuations with sole AI/AVM input would not comply with current regulations and industry standards

Question 82

AVM - What wider impact will AI/AVM have on the property industry?

Answer 82

Enhanced property management Data-driven decision making Streamlining transactions Simulate impact of new developments Risk management Emphasises the collaboration between technology and human expertise

Question 83

AVM - What RICS guidance is available?

Answer 83

Insight Paper 2022 - AVM: implications for the profession and their clients Red Book 2025 - PS1 and VPS5 Valuation models - 'No model without the valuer applying professional judgement, for example an AVM can produce an IVS-compliant valuation

Question 84

AVM - What are non-useful sales?

Answer 84

The objective of the modelling is to produce value estimates which are consistent with statutory basis of valuation for Council Tax The key assumptions being: Open market sale between a willing buyer and seller Vacant possession Freehold or long leasehold (min of 99 years) Reasonable state of repair Use restricted to a private dwelling No development value Therefore, exclude non-open market sales such as connected parties, discounted sales, forced or repossession sales Also sales from properties with a sitting tenant, part shares, reflecting development value or in a poor state of repair

Question 85

AVM - What is sales verification?

Answer 85

Investigation of sales information to verify that a sale is open market value, that it is useful for modelling purposes and to ensure that the property attribute data at the date of sale is correct This improves the model accuracy, reduces unnecessary outlier investigation and verifies the data inputs

Question 86

AVM - What data does the AVM rely on?

Answer 86

SDLT and Land Registry - verified during the sales verification stage Property attribute data of both sold and unsold properties Geographical data including ONS boundaries and grid co-ordinates

Question 87

AVM - What property attribute data explains differences in house values?

Answer 87

The characteristics of the property

Question 88

AVM - What is CT Welsh Reform?

Answer 88

The re-assessment of over 1.4 million domestic properties whilst providing greater transparency and improved engagement with customers

Question 89

AVM - What is CT?

Answer 89

A tax on domestic property collected by the local authority

Question 90

AVM - How did you verify the property attribute data linked to the sale?

Answer 90

Checked our internal records and verified this with local planning documents and RM sales particulars

Question 91

AVM - Talk me through your AVM example?

Answer 91

I assisted with the sales verification exercise for the Welsh CT Revaluation 2025 I removed non-useful property sales from the AVM model in order to improve model accuracy using SDLT and LR sales evidence, I verified sales which were at open market value I then verified the property attribute data linked to that sale to ensure it correctly reflected the property at the time of the sale I then ensured all evidence was securely stored within the VOAs internal database

Question 92

Talk me through your FOR viewing?

Answer 92

During a CHG the agent requested to view rental evidence submitted within my response As copies of rental evidence cannot be provided, i arranged for the agent to view them at my local office I arranged access with the buildings estate team, booked a private room to mitigate the risk of a data breach to colleagues within the building I met the agent in reception and escorted them at all times I advised the agent that they could view the data but not take any photocopies or photos I ensured personally identifiable information was redacted in accordance with CRCA I then escorted the agent back to reception and witnessed them leave the premises

Question 93

FOR - Could you provide FOR information under Section 18 CRCA?

Answer 93

Disclosure made for the purposes of a function of HMRC

Question 94

FOR - What legislation provides that an agent is unable to take photos of an FOR?

Answer 94

Reg 17 (4) (b) (ii) of The Valuation Tribunal for England (CT and Rating Appeals) (Procedure) regulations 2009 The VT for England (CT and Rating Appeals) (Procedure) (Amendment) Regulations 2021

Question 95

FOR - How much notice must an appellant provide in order to view an FOR?

Answer 95

Not less than 24 hours as per reg 17

Question 96

FOR - What if the agent asked to view a 2023 FOR on a comparable while at the viewing?

Answer 96

As per reg 17of the VTE Regs 2009 as amended, I would not disclose this evidence as it is not relevant to the existing proposal (being a 2017 list challenge)

Question 97

What is the ICO?

Answer 97

Information Commissioners Office UKs independent body set up to uphold information rights ICO is responsible for regulating compliance with the DPA 2018, FOI act 2000 and the Environmental Information Regulations 2004

Question 98

Are there any recent updates to data management in the general market?

Answer 98

The Data (Use and Access) Act 2025 (DUAA) has received Royal Assent in June 2025 and will be phased in through 2025-2026. Aims to enhance data sharing between public and private sectors while ensuring individual privacy protections Increase in ICOs fees paid by data controllers

Question 99

How does the VOA collect data?

Answer 99

From ratepayers and representatives FORs (now RALD) Inspection Public domain Subscription websites

Question 100

What kind of information does the VOA hold?

Answer 100

Lease info Sales info Building info Market knowledge reports

Question 101

What is data subject?

Answer 101

The identified or identifiable living individual to whom personal data relates

Question 102

What is ISO 27001?

Answer 102

International info security standard for how a company should implement security management systems - government framework that contains structured activities that allows companies to manage information security risks

Question 103

Are you aware of any recent high profile fines regarding data breaches?

Answer 103

TikTok (EU): €530 million fine (2025) for processing children's data, notes one source. Irish Data Protection Commission fines TikTok €530 million and orders corrective measures following Inquiry into transfers of EEA User Data to China LinkedIn (EU): €310 million fine (2024) for issues with data processing and consent. Uber (EU): €290 million fine (2024) for security failures. META - €1.2 billion (May 2023): fine after Irish court ruled it violated GDPR laws related to data transfers between the EU and the US

Question 104

How soon should you report a data breach and to whom?

Answer 104

Must report breach (internally) within 72 hours of becoming aware. Dedicated Data Protection Officer (DPO) required for public authorities. You must report breach to ICO if breach has high likelihood to risk peoples rights and freedoms within 72 hours. Stronger legal protection for more sensitive information, such as race, religious or political beliefs, sexual orientation.

Question 105

How would you handle a data breach (in VO and private)?

Answer 105

VOA - report the incident to the information security team Private as a sole practitioner: Assess the breach Attempt to remedy the breach Notify client/ex-client Serious breach and loss to client/ex-client report to the ICO

Question 106

How do you ensure the integrity of the data you hold?

Answer 106

Ensure its accurate, consistent, reliable, access controls, data back up, data encryption, audit trails

Question 107

What is special category data?

Answer 107

Special category data is personal data that needs more protection because it is sensitive. It contains the following: 1. racial or ethnic origin 2. political opinions 3. religious or philosophical beliefs 4. trade union membership 5. genetic data 6. biometric data for the purpose of uniquely identifying a natural person 7. data concerning health 8. data concerning a natural person’s sex life or sexual orientation Article 9 of the UK GDPR

Question 108

How do you source title info?

Answer 108

LR

Question 109

What data sources do you use to check statutory functions?

Answer 109

Asbestos register EPC Planning Flood risk map Coal mining authority map

Question 110

What role does data management play in your day-to-day job?

Answer 110

Data management is essential for handling and organizing information effectively.