Data Management

Question 1

What is the Commissioners for Revenue and Customs Act 2005 (CRCA)

Answer 1

It applies to all HMRC officers.
It expressly provides duty to keep information confidential.
Criminal penalties for wrongful disclosure

Question 2

What is Section 17 of the Commisioners for Revenue and Customs Act 2005 (CRCA)?

Answer 2

Section 17- Allows sharing of information between HMRC and VOA (SDLT, RALDs)

Question 3

What is Section 18 of the Commisioners for Revenue and Customs Act 2005 (CRCA)?

Answer 3

Section 18- Permits disclosure of information outside VOA/HMRC in line with our function (sharing RALDs with agents).
Must be proportionate and necessary.

Question 4

What is Section 19 of the Commisioners for Revenue and Customs Act 2005 (CRCA)?

Answer 4

Section 19- makes it criminal offence to disclose information that can identify an individual, unless it’s covered by Section 18.

Question 5

What are Sections 20 and 21 of the Commisioners for Revenue and Customs Act 2005 (CRCA)?

Answer 5

Sections 20 & 21- Covers when information can be disclosed where it is either in the public interest or it is to a prosecuting authority.

Question 6

What are Sections 22 and 23 of the Commisioners for Revenue and Customs Act 2005 (CRCA)?

Answer 6

Sections 22 & 23- Relates to rights to information under GDPR and FOIA and set out how these requests should be treated.

Question 7

What Act covers HMRC officers?

Answer 7

The Commisioners for Revenue and Customs Act 2005 (CRCA)?

Question 8

What is the Freedom of Information Act (FOI) 2000?

Answer 8

Gives people the right to request information from public authorities.

Question 9

What are the two rights under the Freedom of Information Act (FOI) 2000?

Answer 9

• To know if personal information is held.
• For that information to be communicated.

Question 10

What are the statiatory deadlines for Freedom of Information requests?

Answer 10

20 days

Question 11

What are the reasons for refusal of a FOI request?

Answer 11

• prejudice a criminal matter under investigation, or a person’s commercial interests.
• Too costly or too much staff time.
• The request is vexatious (difficult to deal with/cause anger).
• The request is a repeat request from same person.
• The request is contrary to GDPR

Question 12

What are the VOA’s limitations to dealing with FOI requests?

Answer 12

Must not disclose property related information as it could identify an individual.

Question 13

What is the Data Protection Act 2018?

Answer 13

UK’s GDPR.
Controls how personal data is used by organisations and businesses.

Question 14

What are the 7 principles of GDPR?

Answer 14

LAMP ASS:
Lawfulness, fair and transparency.
Accuracy.
Minimisation of data.
Purpose limitation.

Accountability.
Storage limitation.
Security (integrity and confidentiality).

Question 15

What are the 10 individual rights of GDPR?

Answer 15

RARE APC COI:
Rectification
Automation
Restriction
Erasure

Access
Portability
Consent

Complain
Object
Informed

Question 16

What is the statutory deadline to report a breach under GDPR?

Answer 16

Must be reported internally within 72 hours of becoming aware.
Must be reported to Information Commisioner’s Office (ICO) if breach likely to risk people’s rights within 72 hours.

Question 17

What must each public authority have to ensure GDPR?

Answer 17

A dedicated Data Protection Officer (DPO)

Question 18

What is the maximum fine for a breach of GDPR?

Answer 18

20 million euros or 4% of global turnover.

Question 19

What is copyright?

Answer 19

Set of exclusive rights granted to creator of work, is a form of intellectual property.
Essential to acknowledge any copyright for information duplicated in work.

Question 20

What external data do you use for your work?

Answer 20

CoStar- property information such as lease and sales data.
Expedian GOAD- Occupier information

Question 21

How do you protect any sensitive data in relation to inspections?

Answer 21

• Ensure all plans and measurements are kept confidential before, during, and after inspections.
• Ensure clear desk policy is maintained.
• Secure physical plans and data safely post-inspection.
• Save all plans and data securely digitally, in secure EDRM application.

Question 22

If you discovered a data breach, how would you deal with it in your organisation?

Answer 22

• Security incidents should be reported on the Security Incident Reporting Tool within 48 hours.
• If the breach risks anybody’s personal data being breached, then the Information Commissioners Office (ICO) must be informed within 72 hours.

Question 23

What is the defintion of personal data?

Answer 23

Any information relating to an individual or identifiable person.

Question 24

What is a data breach?

Answer 24

Is a security incident where unauthorised individuals gain access to sensitive or confidential information.

Question 25

What would you do if you received an FOI request?

Answer 25

I would contact the Data Sharing and Disclosure (DSD) team, who provide advice and guidance on FOIA within the VOA.

Question 26

How do you secure data?

Answer 26

- By using strong passwords for all applications. - By ensuring all of my devices are password protected and locked if not in use. - Ensuring a clear desk policy, with no documents or data visible. - By securely storing data (plans etc) in physical cabinets, or secure folders online.