Data Management Flashcards

(19 cards)

1
Q

What legislation is involved with Data Protection?

A

Data Protection Act (DPA) 2018

2
Q

What is the ethos of the Data Protection Act?

A

The protection, proper management and privacy of personal data.

It provides a framework that legally enforces the safeguarding of individuals’ private information against mishandling or misuse.

It governs how personal information is used by organisations, businesses or the government.

3
Q

What are the seven key principles of the Data Protection Act (DPA) 2018?

A

1) Lawfulness, fairness and transparency: Data must be processed legally, fairly and in a transparent manner towards the individual.

2) Purpose limitation: Personal data can only be gathered for specified, explicit and legitimate purposes and not processed in a way not compatible with those purposes.

3) Data minimisation: The data gathered should be relevant, adequate and limited to what’s necessary in relation to the purpose for which they are processed.

4) Accuracy: Personal data must be accurate and, where necessary, kept up to date. Efforts should be made to rectify or erase data that is inaccurate or incomplete.

5) Storage limitation: Personal data should not be kept in a form which permits identification for longer than necessary for the purposes for which the data are processed.

6) Integrity and confidentiality: Personal data should be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage using appropriate technical or organisational measures.

7) Accountability: The data controller is responsible for, and must be able to demonstrate, compliance with the other principles.

“Let People Deal And Store Information Appropriately”

4
Q

What is the purpose of GDPR?

A

The General Data Protection Regulation (GDPR) was introduced by the EU in 2018 to protect the privacy and personal data of EU citizens.

It increased fines for those who breach the regulations.

5
Q

What are the different data sources available to me and what needs to be considered when using each of them?

A

Historic projects, price books and online data sources.

Political and legal situations may have changed. You won’t always know the specific details of the source information.

6
Q

Who created the BCIS?

A

RICS originally created the BCIS.

Now it’s a standalone company.

7
Q

What types of data are on the BCIS?

A

PILR

project costs,
indices,
life cycle costs and
rates

8
Q

What are the pitfalls with using cost data on BCIS?

A

Lack of understanding of the project details and associated cost information
Relies on accuracy of data entered
Political and legal situation may have changed since the cost information was produced
Old data that requires adjusting

9
Q

What are the pitfalls with using indices on BCIS?

A

They are forecasted indices and may not be correct.

You don’t know how the indices have been produced.

They are an average across all cost increases and may not accurately reflect individual packages.

10
Q

Does your company hold any data management qualifications?

A

ISO 27701 is the standard for privacy information management systems (PIMS), building upon ISO 27001’s information security management system (ISMS).

11
Q

How long can you keep personal information for clients?

A

Liability periods are 6 years for contracts under hand and 12 years for deeds, so documents should be kept for at least that long, however…

The company is required to keep information for higher-risk buildings for a minimum of 30 years following the Building Safety Act.

https://www.herbertsmithfreehills.com/notes/construction/2022-06/building-safety-act-2022-dont-throw-away-those-old-records-just-yet

(May only be relevant to Higher Risk Buildings but McBains keep all projects for 30 years to ensure they comply)

12
Q

What data security does your company have?

A

Cyber Essentials Plus is a Government-backed certification scheme that keeps data safe from cyber attacks.

13
Q

How do you ensure data is kept secure in your workplace?

A
  • Password protection on sensitive data,
  • Suitable digital file storage in job folders identified by job number
  • Clear desk policy
  • Lock computer when leaving my desk
14
Q

What is a Non-Disclosure Agreement?

A

Agreement that protects against the sharing of confidential data.

15
Q

You have 8 rights under GDPR. Can you give me 2 or 3 examples?

A

Right to be informed,
right of access,
right to rectification,
right to erasure,
right to restrict processing,
right to data portability,
right to object,
rights in relation to automated decision making and profiling

16
Q

What IT processes and procedures should a company establish to manage and protect data?

A
  • Secure storage,
  • backup,
  • procedures for sharing confidential documents,
  • standardised formatting of files/reports,
  • procedures for sharing data.
17
Q

What is the Freedom of Information Act?

A

Freedom of Information Act 2000

Gives the public the legal right to access information held by public authorities in the UK, including government departments, local councils, the NHS, schools, and the police.

To increase transparency, openness, and accountability in the UK public sector, enabling the public to better understand how decisions are made and how public money is spent.

18
Q

What does BCIS stand for?

A

Building Cost Information Service

19
Q

What does ISO stand for?

A

International Organization for Standardization