Guidance

Disclosure of death registration information

Updated 5 May 2023

1. Overview

The disclosure of death registration information (DDRI) scheme allows the registrars general for England and Wales, Scotland and Northern Ireland to disclose death registration information to assist in the prevention, detection, investigation or prosecution of offences

The DDRI scheme is administered, on behalf of the 3 registrars general, by the data delivery team in the General Register Office (GRO) (England and Wales). Disclosure is legislated by the Police and Justice Act 2006 and the Local Electoral Administration and Registration Services (Scotland) Act 2006. The DDRI scheme was launched in 2008.

Organisations wishing to apply for a weekly supply of UK death registration data must be able to demonstrate that they will only use the information in the prevention, detection, investigation or prosecution of offences. In addition, they will need to meet the required security standards.

Details of how organisations meet these criteria can be found in the eligibility section.

You can find a description of the application process and a copy of the application form in the application process section.

For answers to any questions you have on the DDRI scheme, please read our advice for applicants.

Licensed DDRI customers receive a weekly electronic file of new deaths registered within the UK.

The DDRI scheme only provides for the supply of death registration data for the UK as a whole. Requests for data should be made directly to the appropriate Registrar General.

Requests for data specific to Scotland should be made to the Registrar General for Scotland.

2. Eligibility

Anyone who applies for disclosure of death registration information must explain how it will be used.

2.1 Eligibility for applications

The registrars general for England and Wales, Scotland and Northern Ireland can disclose death registration information to assist in the prevention, detection, investigation or prosecution of offences. Anyone who applies for this information must explain how it will be used to meet this purpose.

Orders made under the provisions of the Police and Justice Act 2006 state that information may be released to organisations that fall within the definitions listed such as:

• a local authority within the meaning of the Local Government Act 1972
• the Council of the Isles of Scilly
• a council within the meaning of the Local Government etc (Scotland) Act 1994
• a district council within the meaning of the Local Government Act (Northern Ireland) 1972
• a government department in England and Wales or Scotland and any agency thereof the Scottish Executive
• a Northern Ireland department
• a credit reference agency
• a building society within the meaning of the Building Societies Act 1986
• an insurer
• a person who holds a licence under the Consumer Credit Act 1974
• a bank as defined in the Bankers’ Books Evidence Act 1879
• the trustees or managers of a pension scheme
• a person who, or body which, updates lists so as to remove the entries on those lists of persons who are deceased
• a body established by an act of Parliament or by a statutory instrument made under an act of Parliament to perform functions conferred on it under or by that act or instrument
• an NHS body within the meaning of the National Health Service Act 2006
• an NHS body within the meaning of the National Health Service (Wales) Act 2006
• a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 applies
• the Common Council of the City of London
• a person who has been authorised to exercise a function of an office-holder or minister in accordance with section 69 of the Deregulation and Contracting Out Act 1994
• a person who has been authorised to exercise a function of a local authority in accordance with section 69 of the Deregulation and Contracting Out Act 1994

Should any organisation that applies for the information not fit within the definitions there is the possibility that further orders can be laid before Parliament to extend the list accordingly.

2.2 Security requirements

Applicants who are invited to progress to stage 2 of the application process must complete a security assessment form.

Before any decision is made on whether the information can be disclosed, the registrars general need to be satisfied that sufficient security exists to ensure that the data is only accessed by the appropriate people for the purpose for which it is intended.

Applicants must provide details of the security measures in place for the actual site(s) where the data is to be stored, processed or accessed. Details of the organisation’s security policy are required, as well as other information, for example, whether any security risk reviews are undertaken in relation to any systems which will use the data.

3. Application process

This step-by-step procedure shows what is required at each stage in requesting access to the disclosure of death registration information.

3.1 Stage 1: eligibility assessment

Step 1: Applicants must complete all questions on the application form and email the completed form to the data delivery team at datagro@gro.gov.uk. An explanatory note for question 2.1 is included at the end of the application form.

Step 2: The data delivery team reviews the application and makes a recommendation to the decision making panel (DMP) on whether the application merits progression to stage 2 of the process.

The membership of the DMP includes a representative of each registrar general. It may be necessary for the data delivery team to contact the applicant for further information or clarification during this process. It is possible that a meeting with the applicant may be necessary before any recommendation is made.

The DMP makes the decision on behalf of the registrars general on whether to invite the applicant to progress to stage 2 of the application process.

Step 3: Applicants are contacted by the data delivery team within two weeks of receipt of the application form to discuss progress. The length of time it takes to make a decision depends on whether there is a need to seek additional information from the applicant or elsewhere is required.

Step 4: Applicants who have not been invited to progress to stage 2 of the process are provided with the reasons for this decision. They have the option, if they feel they have grounds to do so, of requesting that the decision be reviewed.

Reviews are undertaken by the DDRI review panel (DRP), comprising officials representing the three registrars general who have the power to overturn or uphold the original decision of the DMP. This review process does not affect any rights that the applicant has to challenge a decision through established legal routes.

3.2 Stage 2: security assessment

Step 5: Applicants who are invited to progress to stage 2 are sent a security assessment form for completion. This should be emailed to the data delivery team when completed.

An invoice for the fee (£5,000) will be included with the security assessment form. Please note that the security assessment form is not processed until the fee has been received by the delivery team.

Step 6: The data delivery team reviews the security assessment form and, where necessary, may contact the applicant for further information or clarification. Members of the team or contractors working on behalf of GRO may visit applicant sites to confirm or clarify aspects of the applicant’s security procedures.

Step 7: When the security assessment has been completed and any further information gathered, the data delivery team makes a recommendation to the DMP on whether to approve the disclosure of information. The DMP makes the decision on behalf of the registrars general on whether to agree to the disclosure of information to the applicant.

Step 8: Successful applicants are sent a set of licence agreements to sign (there are three separate licences for England and Wales, Northern Ireland and Scotland) and an invoice for the first quarter’s payment of £14,250.

Step 9: Where the DMP recommends that an application has not met the required standards, the applicant, if they feel they have the grounds to do so, may apply to have the decision reviewed.

Reviews are undertaken by the DRP. The DRP can overturn or uphold the original decision of the DMP. This review process does not affect any rights that the applicant has to challenge a decision through established legal routes.

Step 10: Successful applicants receive their first delivery of death data following receipt by the data delivery team of the 3 signed licences and an initial payment of £14,250.

Step 11: Data is normally supplied securely online each Friday.

3.3 What data is supplied?

As the DDRI scheme started on 26 September 2008, it is also possible for new and existing licence holders to purchase the following data:

• gap data: a list of deaths registered between 1 January 2007 and September 2008. Gap data from England Wales and Scotland is available.
• back data: a list of deaths registered between the start of the scheme in September 2008 and when your licence was signed. Back data from England, Wales and Scotland is available.

3.4 DDRI customers

This is the list of existing DDRI customers:

• Capita Employee Benefits Limited
• CIFAS
• Diligenta
• Equifax Plc
• Equiniti Limited
• Experian Limited
• GB Group Plc
• Mortality Manifest Limited
• Synectics Solutions Limited
• Target Professional Services
• Tracesmart Limited trading as LexisNexis
• TransUnion

4. Registrar contacts

• England and Wales: datagro@gro.gov.uk
• Scotland: ddrischeme@nrscotland.gov.uk
• Northern Ireland: civilreg.nisra@dfpni.gov.uk