Data Management (Lvl 2) Flashcards

(27 cards)

1
Q

How can you verify data to determine the reliability of the source and associated risks?

A

The data can be verified against an alternative source through triangulation.

2
Q

What type of data security technology exists in firms?

A

Disk encryption - encrypting data on a secure hard disk drive
Regular backups off site
Password protection - changed every 30 days
Use of anti-virus software protection
Firewalls and disaster recovery procedures
Discrete departmental drives.
Two-step verification

3
Q

What is copyright?

A

A set of exclusive rights granted to the author or creator of an original work, including the right to copy it.

These rights are a form of intellectual property and can be licensed, assigned or transferred.

Crown Copyright refers to material created and prepared by Government.

4
Q

What is the main data protection legislation in the UK?

A

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018

5
Q

What is the purpose of UK GDPR and the Data Protection Act 2018?

A

To create a single data protection regime empowering individuals to take control of how their data is used by third parties.

These regulations / legislation give people the rights to be informed about how their personal information is used.

6
Q

What did the UK GDPR and the Data Protection Act 2018 laws introduce?

A

Creates an obligation to conduct a data protection impact assessment (DPIA) before any processing that is likely to be high risk to individuals.

Creates new rights for individuals to have access to information on what personal data is held about them and to have it erased.

A data controller decides how and why personal data is processed and is directly responsible for compliance with UK GDPR.

Introduces the principle of “accountability”, meaning organisations must be able to demonstrate to the Information Commissioner’s Office (ICO) how they comply with the regulations.

7
Q

Under the regulations / legislation, when does a data breach need to be reported and who to?

A

A personal data breach must be reported to the Information Commissioner’s Office (ICO) without undue delay and within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to individuals’ rights and freedoms. Where the breach is likely to result in a high risk to individuals, the affected data subjects must also be informed without undue delay.

8
Q

Who polices the regulations / legislation and what are the penalties for breaching them?

A

Policed by the Information Commissioner’s Office (ICO). A breach can result in a fine of up to £17.5m or 4% of the company’s annual global turnover, whichever is greater.

9
Q

What are the key principles of UK GDPR?

A

Data must be processed lawfully, fairly and in a transparent manner.
Collected for a specified, legitimate purpose.
Adequate, relevant and limited to what is necessary for the purpose.
Accurate and kept up to date where necessary.
Kept in a form that permits the identification of data subjects for no longer than is necessary.
Processed in a manner that ensures appropriate security of the personal data.

“The controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

10
Q

What are the 8 rights given to individuals under UK GDPR?

A
  1. Right to be informed.
  2. Right of access.
  3. Right to rectification.
  4. Right to erasure.
  5. Right to restrict processing.
  6. Right to data portability (to obtain and reuse their data for their own purposes).
  7. Right to object.
  8. Rights in relation to automated decision making and profiling (as undertaken, for example, by insurance companies).

Mnemonic for the first seven (automated decision making is not included): Restrict, Access, Data Portability, Informed, Object, Erasure, Rectification.
R-A-D-I-O-E-R

11
Q

What is the purpose of the Freedom of Information Act 2000?

A

Gives anyone the right of access to information held by public bodies.

The public body must tell a requester whether it holds the information requested.
Normally the public body is required to supply it within 20 working days, in the format requested where reasonably practicable.
It can charge for the provision of information in some circumstances.

Exemptions include:
Information whose disclosure would breach data protection law (e.g. third parties’ personal data).
Information whose disclosure would prejudice a criminal investigation or a person’s / organisation’s commercial interests.

12
Q

What is personal data?

A

Any information relating to an identified or identifiable living individual, i.e. data which can be used to identify someone or which records something about a person’s life or activities.

13
Q

What is the purpose of the UK General Data Protection Regulation?

A

To give individuals more control over their own information.

14
Q

What is a person whose data you have collected called?

A

A data subject

15
Q

What is a privacy notice?

A

A notice provided to data subjects explaining what personal data is collected, how and why it is used, who it is shared with, and their information rights.

16
Q

What is a data controller?

A

A person or business that decides how personal data is collected and determines what information is needed and why.

17
Q

What is a data processor?

A

A person or organisation that processes personal data on behalf of, and on the instructions of, the controller.

18
Q

What is the purpose of a data protection officer and who is FG’s?

A

The purpose of a data protection officer is to scrutinise and monitor a company’s compliance with data protection legislation. In FG that is Clare Phillipson.

19
Q

What are the 6 principles of collecting data under UK GDPR?

A
  1. Lawful, Fair and Transparent - Must be clear, open and honest about how personal data will be used and must have a lawful reason for collecting personal data.
  2. Purpose limitation - The personal data collected must only be used for the purpose stated.
  3. Data minimisation - You must only collect data which is relevant to your purpose.
  4. Accuracy - Data must be kept up to date.
  5. Storage limitation - Personal data must not be kept for longer than needed.
  6. Security - Must have appropriate security measures in place to protect personal data.
20
Q

What is a subject access request and how must you respond to one?

A

A request by a data subject to see the personal data an organisation holds about them, together with supplementary information such as why it is processed and who it is shared with.

Must comply without undue delay and within one month of receipt (extendable by up to a further two months for complex or numerous requests). A fee cannot normally be charged; a reasonable administrative fee may be charged (or the request refused) only where it is manifestly unfounded or excessive, or for further copies of the same information.

21
Q

What legislation covers Subject Access Requests (SARs) and Freedom of Information Requests (FOIs)?

A

Subject Access Requests are governed by UK GDPR and the Data Protection Act 2018 (the right of access to one’s own personal data).
Freedom of Information Requests are governed by the Freedom of Information Act 2000 (access to information held by public bodies).

22
Q

How often should your password be changed?

A

Every 30 days, under the firm’s policy described in this deck. (Caveat: current NCSC guidance advises against enforcing routine password expiry, favouring strong unique passwords, a password manager and two-step verification, with a forced change when compromise is suspected.)

23
Q

What data security threats may you encounter?

A

Ransomware
Phishing
Exploitation of Software vulnerabilities
DDoS attack
Insider threat - employee error
Hacking
Loss or theft of equipment

24
Q

When may the RICS investigate a social media post?

A

When a post adversely impacts public confidence or trust in the profession. This includes posts that:

Are discriminatory
Bully, harass or victimise another person
Form part of a pattern of frequent concerning posts
Ignore previous warnings from the RICS

25
Q

When must an FOI request under the Freedom of Information Act 2000 receive a written response by?

A

A public body must respond within 20 working days, either by providing the information or by refusing the request with a written explanation of the exemption relied on.

26
Q

What is covered by intellectual property?

A

Copyright, trademarks, design rights and moral rights.

27
Q

What is copyright?

A

Where the author of an original work has exclusive rights to control the copying and distribution of their work.