Data Management Flashcards
(39 cards)
What legislation are you aware of relating to data management?
1) Data Protection Act 2018
2) Freedom of Information Act 2000
What data sources do you use?
● Google Maps
● The Land App
● RICS standards / guidance notes
● Internet e.g. HSE website
● Contracts
What should you consider when accessing data sources?
Whether the information is reliable. Should verify using an alternative source (triangulation).
How is data secured in your company?
● Within my firm, project information is stored within a cloud-based system (PIM).
● System users are required to log in using two-factor authentication, providing protection of the electronic database.
● Certain documents e.g. company policies are locked for editing by most users.
● We hold Cyber Essentials Plus certification
● Antivirus software
What is your firm’s privacy policy?
1) Cookies are kept for 1 year
2) Embedded content may be tracked by the website source
3) Data of users is available upon request
4) Users can request their data is erased
How can data be secured?
● Disk encryption - converting to an unreadable format
● Regular backups
● Password protection
● Anti-virus software
● Firewalls - software that prevents unauthorised access
What is copyright?
A form of intellectual property providing exclusive rights to the author or creator, protecting your work and stopping others from using it without your permission.
You automatically get copyright protection when you create: original literature, photography, software, web content, databases, music/film recordings,
● Rights can be licensed, assigned or transferred
● Crown copyright = material created by government e.g. laws, OS mapping, official press releases
Does EU’s GDPR apply to the UK?
The EU’s GDPR no longer applies to the UK, but was rewritten into UK GDPR. UK GDPR is covered by the Data Protection Act 2018.
What is the Data Protection Act 2018?
UK law that sets out how personal data must be collected, handled, and stored to protect individuals’ privacy. It essentially adapts the EU General Data Protection Regulation (GDPR) into UK law and replaces the previous Data Protection Act 1998.
What are the principles of the Data Protection Act 2018?
Anyone responsible for using personal data must make sure the information is:
● used fairly, lawfully and transparently
● used for specified, explicit purposes
● used in a way that is adequate, relevant and limited to only what is necessary
● accurate and, where necessary, kept up to date
● kept for no longer than is necessary
● handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
Who polices data protection?
Information Commissioner’s Office (ICO).
What rights do data subjects have under the Data Protection Act 2018?
1) Informed - be informed of how their personal data is being collected and used
2) Access - request access to the data held on them
3) Rectification - inaccurate or incomplete data corrected
4) Erasure - deleting of their personal data
5) Restrict processing
6) Portability (use for their own purposes)
7) Object
8) Automated decision making (as done by insurance companies)
Among others.
Who is the data controller under the Data Protection Act 2018?
The person or firm who decides how and why data is processed. They are responsible for GDPR.
When do data security breaches need to be reported to the Information Commissioner’s Office (ICO)?
Within 72 hours where there is a loss of personal data.
What is the penalty for breaching the Data Protection Act 2018?
● For serious breaches of the Data Protection Act, organisations can face fines of up to £17.5 million or 4% of their annual worldwide turnover, whichever is higher.
● The Information Commissioner’s Office (ICO) can also take other enforcement actions, such as issuing warnings, imposing bans on data processing, or ordering the rectification, restriction, or erasure of data.
What is the Freedom of Information Act 2000?
Gives individuals rights to access information held by public bodies. The public body must:
1) Tell the individual whether it holds information
2) Supply the information within 20 working days (normally)
3) Public bodies can charge for providing the information
Exemptions include it being contrary to GDPR requirements or prejudicing a criminal matter under investigation.
What is personal data?
Information relating to a person.
How does your firm comply with GDPR?
● Only retain data required
● Personal data: person is kept informed
● Hold data securely (all password protected)
● Keep information up to date and delete information they no longer need
● Information stored on a cloud-based system
● Everything is stored electronically; however, some paper copies of contracts etc. are held in the office.
How can data breaches occur?
● employee mistakes
● equipment failure
● hacking
● cyber-attacks
● malware (software designed to gain access to your computer systems)
● loss of equipment
What is an NDA?
Non-disclosure Agreement. A legally enforceable contract between two parties relating to sensitive information. If breached, the party with the sensitive information can take legal action to seek damages for losses incurred.
How do you comply with UK GDPR and the Data Protection Act 2018 in your role?
1) Comply with my company policies and procedures e.g. using PIM.
2) Ensure I do not misuse personal data and only use when required.
3) Lock my computer when I leave my desk.
4) Report any breaches to my line manager / director so it can be reported to the ICO.
What is Intellectual Property?
Intellectual property is something that you create using your mind - for example, a story, an invention, an artistic work or a symbol.
Can intellectual property be transferred?
Yes, it can be sold or transferred.
Can you tell me about the retention of files and the Limitation Act 1980?
The Limitation Act 1980 sets the minimum retention periods for most legal documents, which is typically six years. However, it could be more for negligence claims (up to 15 years).