Data management / Property records/information systems

Question 1

What is the Data Protection Act 2018/how different to GDPR?

Answer 1

• UK’s implementation of the General Data Protection Regulation 2016 (GDPR)
• Complete data protection system – as well as governing personal data covered by GDPR, it covers all other general data as previously covered by the 1998 Act

Question 2

What is GDPR/what relates to/what aims (2)/rights created?

Answer 2

• General data protection regulation
• Relates to personal data
• Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
• Gives people stronger rights to be informed about how their personal information is used

Question 3

When did GDPR come into force?

Answer 3

25th May 2018

Question 4

What are the key requirements under GDPR (obligation, rights, appointment/responsibilities, accountability)?

Answer 4

• Obligation to conduction data protection impact assessments for high risk holding of data
• New rights for individuals to have access to information on what personal data is held and to have it erased
• A data controller decides how and why personal data is processed and is directly responsible for GDPR
• ‘Data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations

Question 5

What happens if you breach GDPR (reported to whom/by when/when)? What is the penalty (2 possibilities)?

Answer 5

• Data security breaches need to be reported to Information Commissioners Office (ICO) within 72 hours where there is a loss of personal data and a risk of harm to individuals
• An increase in fines up to 4% global turnover of the company or €20m (whichever is the greater)

Question 6

What does Article 5(1) of GDPR state in relation to the processing of data (3)?

Answer 6

Data must be processed lawfully, fairly and in a transparent manner in relation to individuals

Question 7

What does Article 5(1) of GDPR state in relation to the collection of data (3 purposes, post-collection)?

Answer 7

Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Question 8

What does Article 5(1) of GDPR state in relation to the relevance of data (3)?

Answer 8

Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

Question 9

What does Article 5(1) of GDPR state in relation to the accuracy of data (2), and what is stressed re. inaccuracies?

Answer 9

Data must be accurate and, where necessary kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purpose for which they are processed, are erased or rectified without delay

Question 10

What does Article 5(1) of GDPR state in relation to the form which data is kept in?

Answer 10

Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

Question 11

What does Article 5(1) of GDPR state in relation to the processing of data (security)?

Answer 11

Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures

Question 12

Who does Article 5(2) of GDPR state is responsible for the compliance with the principles outlined in Article 5(1)?

Answer 12

The data controller shall be responsible for, and be able to demonstrate compliance with the principles

Question 13

What are the 8 individual Rights under GDPR (AIRER POA)?

Answer 13

A CCESS
I NFORMED
R ECTIFICATION
E RASURE
R ESTRICT PROCESSING

P ORTABILITY
O BJECT
A UTOMATED DECISION MAKING/PROFILING
(INSURANCE COMPANIES)

1. Right of access
2. Right to be informed
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability (to use for their own purposes)
7. Right to object
8. Rights to automated decision making and profiling (as undertaken by insurance companies)

Question 14

Under GDPR, would you be able to transfer personal data you hold outside of the UK?

Answer 14

GDPR restricts transfers of personal data outside the European Economic Area (EEA), unless the rights of the individuals personal data is protected in another way

Question 15

Who has received the largest fine under GDPR?

Answer 15

British Airways received a £183m fine in 2019 after hackers stole the personal data (including login, payment card, name, address and travel booking information) from 500,000 customers

Question 16

What is the Freedom of Information Act 2000?

Answer 16

Gives individuals the right of access to information held by public bodies

Question 17

What does the Freedom of Information Act 2000 require of public bodies (informing, timescale/format, fees)?

Answer 17

• Public body must tell any individual requesting sight of information whether it holds it
• Normally the public body is required to supply it in 20 working days in the format requested
• It can charge for the provision of the information

Question 18

What are the exemptions from the Freedom of Information Act 2000 (protection, prejudicial circumstances (2))?

Answer 18

• Contrary to the GDPR requirements
• It would prejudice a criminal matter under investigation
• It would prejudice a person’s/organisation’s commercial interest

Question 19

What are the elements of a Non-Disclosure Agreement (NDA) (I, D, S, E, L)?

Answer 19

• Identification of the parties
• Definition of what is deemed to be confidential
• Scope of the confidentiality obligation by the receiving party
• Exclusions from confidential treatment
• Length of term of the agreement

Question 20

What are automated valuation models (AVMs), and when typically used?

Answer 20

• Software systems which can provide property valuations using mathematical modelling combined with a database
• They are most used for residential property

Question 21

What are the advantages of using AVMs (data, practical benefits, lack of human interaction), and therefore useful for what particular type of asset instruction?

Answer 21

• Able to consider a larger number of data points than a traditional valuation approach
• Saves time, money and resources
• Removes any human bias or subjectivity
• Useful for assessing the value of a property portfolio

Question 22

What are the disadvantages of using AVMs (physical, logic, data limitation)?

Answer 22

• Do not take into account property condition (valuation assumes an average condition as an inspection does not occur)
• Does not take into account nuanced factors such as the view or level of street noise
• Use transactional data which may lag the actual market i.e. cannot include evidence from properties which might be under offer

Question 23

What do you understand by the term security of data?

Answer 23

Means ensuring that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection

Question 24

How can security of data be improved (E, BU, PP, AV, FW, DRP)?

Answer 24

• Disk encryption - encrypting data on a secure hard disk drive
• Regular back ups off site
• Password protection
• Use of anti-virus software protection
• Firewalls
• Disaster recovery procedures

Question 25

What does copyright mean, what form of property are they and what 3 things can you do with them?

Answer 25

• A set of exclusive rights granted to the author or creator of any original work, including the right to copy
• These rights can be licensed, assigned or transferred
• Form of intellectual property

Question 26

What does Crown Copyright cover?

Answer 26

All materials created and prepared by the Government, such as laws, public records, official press releases and OS mapping

Question 27

What is a deed?

Answer 27

A legal document made under seal

Question 28

How can you prove ownership of land which is not registered with the Land Registry?

Answer 28

The Deeds will set out information about the ownership and details of a property

Question 29

What do the Land Registry provide upon request and payment?

Answer 29

Copy of the official Title Register for registered property or land in the UK

Question 30

What does Title indemnity insurance cover/protection provided, and how paid?

Answer 30

• Protects a party for any claim arising from the title of a property e.g. title defects, restrictive covenants and easements
• Paid as a one-off premium

Question 31

What are restrictive covenants, and who has enforcement rights/why?

Answer 31

• Agreement to restrict the use of land in some way for the benefit of other land users
• They are enforceable by successors as they run with the land

Question 32

How can a restrictive covenant be removed, and is it straightforward?

Answer 32

Make an application to the Upper Tribunal (Lands Chamber) but the grounds for discharge are very strict

Question 33

What are MSCI Real Estate indices?

Answer 33

• Indices which provide investment performance statistics for owners and investors / fund management

Question 34

What do MSCI Real Estate indices aim to provide?

Answer 34

• Independent benchmarks and market data
• Provide real estate performance analysis, market indices and research regarding property investment performance and risk to the real estate world

Question 35

How do the MSCI produce their Real Estate indices?

Answer 35

Draw on up-to-date valuations of selected UK properties

Question 36

What are the RICS Data Standards, 2018/what set out/to support what/address what?

Answer 36

• Set of standards to support the capture, verification and sharing of data in a common format
• They address issues of digital data consistency

Question 37

What data are the RICS Data Standards, 2018 already available for (2)?

Answer 37

• International Property Measurement Standards (IPMS)

* International Construction Measurement Standards (ICMS)

Question 38

What additional data are the RICS Data Standards, 2018 going to be made available for (2)?

Answer 38

• International Valuation Standards (IVS)

* International Land Measurement Standard (ILMS)

Question 39

As a result of our eventual departure from the European Union, will GDPR still apply in the UK?

Answer 39

Government has been consistent in saying that it will still adopt all of the provisions of GDPR. Most of them have already be written into UK law through the Data Protection Act 2018

Question 40

What does the colour coding on Title Plans represent (Red/Green lines, Green/Blue/Orange shading)?

Answer 40

• Red Line – boundary of registered land
• Green Line – boundary of land removed from title
• Green Shading – land excluded from the title but within area
• Blue shading – right of way on registered land for use by other land
• Orange shading – right of way on other land for use by registered land

Question 41

What is included in a Land Registry title register
(Part A, D, T, D, R,
Part B, N/A O, D, PP, R,
Part C, M/F, ROI/L)?

Answer 41

• A: Property register - description of the property, tenure, the date the property was first registered and any rights it may benefit from e.g. private right of way
• B: Proprietorship register - name and address of the current owner, when they bought the property, how much was paid for it (if sold since 1 April 2000 (2002?)), any restrictions that limit the power of the owner and the class of the title
• C: Charges register - mortgages and other financial burdens received on the property. Other rights or interest that limit how the land or property can be used e.g. leases, rights of way or covenants

Question 42

What is a SAR, right provided?

Answer 42

• Subject access request

* Gives individuals rights to request any ‘personal data’ held on them. This right is a principle of GDPR

Question 43

What is “personal data” as defined by GDPR?

Answer 43

Personal data are any information which are related to an identified or identifiable natural person e.g. the telephone number, email address

Question 44

What professional statement is the RICS planning on releasing relating to the encryption of data and use of cloud-based storage facilities?

Answer 44

Data Handling and Prevention of Cybercrime, 2020

Question 45

What will be contained in the professional statement on Data Handling and Prevention of Cybercrime , 2020 (BP, obligations no., cloud, policies/for what issue), and how does it relate to DPA 2018?

Answer 45

• Best practice and 24 mandatory obligations
• Advise on matters such as encryption to protect data on portable devices, best practice when using cloud-based storage facilities (e.g. Dropbox, OneDrive and Google Drive) and ensure appropriate data handling policies are in place in the event of a data breach or malware attack
• It will sit behind the legal requirements of the Data Protection Act 2018 in the UK

Question 46

What should you do when transferring personal data outside of the European Economic Area (EEA) in order to act in accordance with GDPR (confirm what - yes/no actions, secure transfer)?

Answer 46

• Confirm whether the restricted transfer is covered by an “adequacy decision” i.e. the data protection framework is robust enough in that region
• If not it can be covered by an ‘appropriate safeguard’ or ‘exception’
• Ensure all data is encrypted

Question 47

Give me an example of a property information tool (4).

Answer 47

Land registry, CoStar, Rightmove, Zoopla

Question 48

What are the limitations of primary/secondary data sources?

Answer 48

• Primary data more likely to be subject to human error

- Secondary data, likely to be outdated before you get it therefore, requires validation before reliance on it.

Question 49

What is the principle of estoppel, and what legal case established this principle?

Answer 49

If a breach has continued for a long enough period without any objection being raised it may have been treated as being abandoned under the principle of estoppel. 20 years now considered acceptable following Hepworth V Pickles (1900) - 24 years in that case.

Question 50

How do you validate information (4)?

Answer 50

Legal documents, agents, colleagues (if we have an interest), public records.

Question 51

What is the difference between a deed and registered title (goal scorer/assist)?

Answer 51

Title - is the legal way of saying you own a right to something. For real estate purposes title refers to the ownership of the property, meaning you have the rights to use that property. (Goal scorer)

Deeds - are the legal documents that transfer to title from one person to another. (Assist).

Question 52

What is a TR1?

Answer 52

Land registry TR1 form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties.

Question 53

What information is contained on a TR1 (TN, P, D, T/T)?

Answer 53

• Title number
• Property
• Date
• Transferor
• Transferee

Question 54

What other measures can you use to ensure the protection of data transfer (TLS/SSL, authentication, homeworking storage)?

Answer 54

• TLS (Transport Layer Security)
• SSL (Secure sockets layer)
• Implement two-factor authentication where access to client data and personal data is deemed a significant security risk.
• The use of VPNs for homeworking rather than storing data on personal devices

Question 55

How does network encryption work (4 steps)?

Answer 55

1. User initiates the connection by contacting server
2. Server sends public key
3. Negotiate parameters and open secure channel
4. User login to server host operating system

Question 56

What does the Privacy and Electronic Communications Regulations 2003 apply to? When was it updated?

Answer 56

This guide is for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.

• Updated 2018 and came into effect January 9th 2019

Question 57

What does the Privacy and Electronic Communications Regulations 2003 restrict (marketing, consent, cookies (3 reqs)? What are the penalties?

Answer 57

• Restricts unsolicited marketing (solicitated meaning requested)
• Require consent to send marketing material to a customer
• Restricts use of cookies
   - Tell people the cookies are there
   - Explain what the cookies are doing and why
   - Get the person’s consent to store a cookie on their device
• Penalties can include criminal prosecution and fines of up to £500,000

Question 58

What is an index map?

Answer 58

The index map contains information on all land and property that’s registered or being registered with HM Land Registry – establish whether land is registered/unregistered and reveals title number.

Question 59

What does encryption mean?

Answer 59

The process of converting information or data into a code, especially to prevent unauthorised access.

Question 60

What is a firewall?

Answer 60

A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a computer network (prevents unauthorised access)

Question 61

How can you protect electronic data from viruses?

Answer 61

Anti-virus solution – JT require this for all client and server devices

Question 62

What is blockchain?

Answer 62

Blockchain is a type of distributed ledger for maintaining a permanent and tamper-proof record of transactional data

Question 63

When do you have to register for VAT?

Answer 63

When sales of goods exceed the £75,000 threshold or services exceed £37,500.

Question 64

How do you deal with an email sent in error to you containing confidential information?

Answer 64

I would inform the party that I had had sight of the information but keep the information in confidential.

Question 65

Are there any qualities a client must have that means data security cannot be breached?

Answer 65

A living individual only.

Question 66

What are the challenges facing a researcher when collecting data?

Answer 66

Data should be treated with care when collected from a secondary source and also analysed appropriately to
consider the specifics of the data especially when the market is not transparent.

Question 67

What are the main methods of primary and secondary data collection?

Answer 67

Primary Data is collected directly from the source and Secondary is historic or collected from a third party.

Question 68

What are the differences between quantitative and qualitative research?

Answer 68

Quantitative research allows for generalisation following analysis of research.

Qualitative research considers an in-depth analysis of the specific data – it allows for exploration and
investigation.

Question 69

How do you collect primary data?

Answer 69

Primary data includes data directly collected from the source of the deal. The internal database which
collates deals we have worked on is primary data.

Question 70

What must you do re. email communications to comply with GDPR?

Answer 70

Emails that show other recipients email addresses are in breach of GDPR.

Question 71

What must you take into account if you employ an IT company to improve data security?

Answer 71

o Most SMEs will need to employ an IT company to complete the work, however they will typically require obtaining insurance against the risks as IT companies terms of service don’t usually cover cyber security breach protection.

Question 72

Outline the 4 typical cybercrime types.

Answer 72

 Phishing
 Ransomware
 Malware
 Identity theft

Question 73

What should be in a companies Data Protection Plan re.
Assessment
Policy
Data collection
Appointment
Security methods
Storage
Contracts
3rd party data
Consent
Notification

Answer 73

 Assessment and documentation of any potential risks to both personal and client data
 Defining and maintaining a data retention policy
 Understanding and recording the purposes for which data is being collected and held.
 Appointing a personal responsible for enquiries and controls
 Devising passwords that are difficult to guess
 Use of firewalls and anti-malware and anti-virus tools
 Use of encryption for personal information and cardholder data during transmission.
 Ensuring personal and client data is protected from unauthorised access, whether it is stored digitally or in physical form
 Ensuring data is backed up regularly
 Ensuring acceptable use of client data through contractual clauses (i.e. NDAs)
 Ensuring that any use of third-party data is licensed (i.e. copyright)
 Ensuring consent is obtained for storing and processing data, and that this can be demonstrated
 If significant data breach, both regulators and data subjects are notified.

Question 74

MARK SAYS - YOU SHOULD BE THOROUGHLY FAMILIAR WITH GN ON ELECTRONIC DOCUMENT MANAGEMENT

Answer 74

This has been prepared to provide best practice for the creation, collaboration, indexing, managing and retrieving of data in response to the growth of electronic document exchange and storage - I think will be soon eclipsed by new one? OUTDATED FROM 2018- replaced with what?