RICS draft professional statement - Data handling and prevention of cybercrime

1 Introduction

The surveying profession has a duty to remain vigilant around the use of data, not only due to the introduction of stricter national laws concerning the correct performance and disclosure of data processing activities, but also because the implications of data loss have never been greater.

With the introduction of data laws such as the EU General Data Protection Regulation (GDPR), many organisations and individuals have become aware of the importance of handling personal data securely. GDPR and other national legislation rarely concern themselves with data defined in other realms, but for the surveying industry this data is central to many tasks. This professional statement defines client data, which is non-public, non-personal data or information relating to buildings or companies that is often used to undertake measurements, valuations or other calculations, and the way it should be handled in order to ensure clients of the industry are protected from data or financial loss and exploitation.

The first line of defence against data loss and cybercrime is through education and best practice, even when the protection of data is a contractual obligation between companies that provide services which involve the use of client data. Market feedback highlighted concerns around the lack of professionalism in understanding and correctly performing data handling procedures.

This professional statement sets out best practice in the handling of both data and the prevention of cybercrime, and provides mandatory obligations that RICS members and regulated firms engaged in this area must comply with.

Principals in RICS-regulated firms must ensure that their firms, and everyone employed in them, comply with this professional statement.

It is important to note that data does not exist only in digital form and may be in the form of printed material, or other tangible storage media such as tapes, written notes or photographs. The scope of this professional statement includes the handling and processing of non-digital data, as well as digital data.

1.1 Effective date

This professional statement (PS) takes effect from xxxx 2019.