National Child Mortality Database (NCMD)
Privacy Notice

How the NCMD programme protects personal information

The National Child Mortality Database (NCMD) holds data on all children in England who were liveborn and died before their 18th birthday. It does not hold data relating to stillbirths or legal terminations of pregnancy. The data is collected by Child Death Review Partners via their Child Death Overview Panels (CDOPs) (or equivalent) throughout England. This is a statutory process and provision is made within the Children Act 2004 for the collection and processing of this data without consent.
Personal data on the child that has died and any significant person in the child’s life is sent to CDOPs from all agencies who had contact with the child during their life, or after their death (see the NCMD Data Flow Diagram). CDOPs then enter the data into the NCMD, either manually, through a secure web portal, or automatically, through a web-based application programming interface (API).
The legal basis for NCMD to receive, hold and analyse the data collected by CDOPs is rooted in the statutory authority set out in the Children Act Section Under s16M(3).

The legal basis for collecting and holding the personal data of other living parties (e.g. significant people in the child’s life or professionals who had contact with the child during their life or after their death) is a combination of GDPR Article 6.1(c) compliance with a legal obligation, Article 6.1(e) performance of a task carried out in the public interest.

Why does the NCMD programme need to collect personal details about children who die and significant people in their life?

The NCMD programme needs to know the personal details of all children who die so their death and the events leading up to their death can be analysed. Each child may have had contact with a number of different services during their lifetime and each service will hold different information on the child. It is important that a complete picture is gained of the child’s whole life so as much as possible can be learned and actions can be taken forward to improve services and reduce the number of children who die. In addition, this ensures information about children with similar profile is not mismatched.
The NCMD programme needs to know the personal details of significant people in the child’s life in order to ensure that the right information is collected for the right person. In addition, this ensures information about individuals with similar profile is not mismatched.

What personal information does NCMD collect and why?

The information collected by NCMD is about children who die before their 18th birthday and their families. It includes:

Personal details of the child: (name, NHS number, address, postcode, death of birth, date of death, age, gender, ethnicity). These details help to identify the person so that a thorough analysis of their death can be carried out. The NCMD team require this information so it can be linked up with information from other sources to ensure the information is as accurate and complete as possible. This information is also needed for the analysis to help understand why children die and, for instance to identify whether there are any local concerns if for instance an increased number of deaths is recorded in an area or period / season.

Personal details of significant people in the child’s life: (name, address, postcode, date of birth and NHS number for the child’s mother only) These details are required so NCMD can be linked up with information from other sources to ensure the information is as accurate and complete as possible.
Personal details of professionals: In addition to data collected about children who die, the NCMD also collect information about people who have contacted the team and wish to be included on our contact lists in order to receive updates and information about NCMD. The NCMD ensures that prior to inclusion on any contacts databases, an individual provides their consent for this.

How is the personal information about children who die and significant people in their lives obtained by NCMD?

The main source of information for NCMD is from CDOPs. When the death is notified to the local CDOP, the CDOP will in turn notify NCMD of the death.; personal information about the child will be collected by both the CDOP and NCMD. This is so an alert system for peaks and clusters of death can be identified in real time.
The NCMD team will also receive information about child deaths from health or care systems to ascertain the information and to complete any missing details which required for achieving the NCMD main aims, which is to gather knowledge and learning and to inform policies to reduce child deaths in future.

What does the NCMD do with the personal information it receives?

The personal information is used to review the deaths of children. The purpose of these reviews is to identify if there are any potentially modifiable factors associated with the deaths and to offer suggestions for improvements that may help reduce premature deaths of children.
All data linkages will happen in house i.e. it is envisaged the programme will be linking up with clinical systems and national databases for the purposes of the NCMD analysis.
With regards to data held in our contacts database, the information is held for no other reason than to ensure communications are sent out to those interested parties. Consent for this can be revoked by the individual at any time by contacting the team at ncmd-programme@bristol.ac.uk

Who has access to the personal information of children who die and significant people in their lives?

Everyone in the NCMD team has access to the personal identifiable data included in the database. Every member of the team must complete the mandatory data security and protection training and sign the data confidentiality agreement before having access to the system and the data.
Information stored in the NCMD and the programme contacts’ database is not used for any other purpose than that specified, is protected by GDPR rules and regulations, and is not accessible by, or shared with any third-party agencies.

How is the personal information of children who die and significant people in their lives kept safe and secure?

The NCMD programme shares and stores personal information on a secure web-based platform that has been built especially for this purpose. The platform has been rigorously tested and meets the requirements for confidential information set by NHS England. The platform can only be accessed by those with a unique username and password, which is allocated after the user has received data security and protection and database training. Access rights are set at a number of different levels, so that information is limited on a ‘need to know’ basis.
Linked to the secure web-based platform is a secure data storage facility where data downloads are stored for data analysis purposes.
The NCMD contacts database is held on a secure server with sole use by the Bristol NCMD team. The usual PC security protocols are in place protecting this data, as is physical protection such as locked office doors and a comprehensive alarm system.
No personal and confidential information is kept on paper records. All information is stored on the secured and encrypted database and secured and protected servers.

How long is personal information is stored for?

The information on the children who die and significant people in their lives will be kept for the duration of the programme.
Information on the NCMD contacts database is held as long as consent is provided. Consent can be revoked at any time and then the record is deleted immediately.

For further information:
Please contact the NCMD team at:

Telephone: 0117 342 5633
Email: ncmd-programme@bristol.ac.uk
Website: https://ncmd.blogs.bristol.ac.uk/

Individuals have a right to complain to the Information Commissioners Office (ICO) if they think there is a problem with the way we are handling their data.

The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO website is https://ico.org.uk