Personally Identifiable Information

Oliver Back
min read

Personally Identifiable Information (PII) at Deployed

Contracts, terms of service, and policies for Deployed's products and platforms refer to "Personally Identifiable Information" (PII). This is a different categorization of data from what the EU General Data Protection Regulation (GDPR) refers to as "personal data".

What Deployed considers PII

Deployed interprets PII as information that could be used on its own to directly identify, contact, or precisely locate an individual. This includes:

  • email addresses
  • mailing addresses
  • phone numbers
  • precise locations (such as GPS coordinates - but see the note below)
  • full names or usernames

What Deployed considers PII in Statements of Work.

Information in the list above is often included in statements of work, particularly in time and materials contracts where resource names are required to be listed:

  • named resource
  • key personnel
  • escalation
  • governance
  • supplier manager
  • client manager

There typically is a requirement for additional personal information where the client requires the provider to provide information on right to work or identification for systems and physical access. In all cases, this is classified as personal data because it is possible to identify a living individual from the combination of the name email address and workplace.

Clients and Providers who access the Deployed platform need this information to be included in the Statement of Work in order to perform their function.  Our clients confirm that processing of this information is lawful or that when they engage staff and or subcontractors, that they have included consent language when it collected that information to be included in the SoW.

PII risk in emails and offline document sharing

Deployed is a collaborative platform where all sharing, commenting and responses are tracked within the same secure space. All interactions are traceable against specific login and user admin.

Deployed see a substantial, if unrealised, risk in the informal sharing of documents handled via email from large numbers of users and therefore the risk of that personal data embedded in those documents.

In principle there may be some legal risk; in practice, it may not be a significant risk if the individuals concerned are unlikely to care about their email address being shared. But in the worst case scenario, where somehow that personal data is compromised or shared with the wrong people or misused in some other way, perhaps that individual would have grounds for an ICO complaint.

Removing the need for email sharing of documents with PII should be a goal of clients and providers alike.


Deployed interprets PII to exclude, for example:

  • pseudonymous cookie IDs
  • pseudonymous advertising IDs
  • IP addresses
  • other pseudonymous end user identifiers

Note that data excluded from Deployed's interpretation of PII may still be considered personal data or personal information under the GDPR, and other privacy legislation.  This position does not affect any contract provisions or policies relating to personal data or personal information under those laws.

Share this post

Subscribe to our newsletter

Join our newsletter to stay up to date on features and releases.

By subscribing you agree to with our Privacy Policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Work begins before it starts®

Contact the team at Deployed to get more information about learning, automation, or platform demos.

Work begins before it starts®

Contact the team at Deployed to get more information about learning, automation, or platform demos.

Work begins before
it starts®

Contact the team at Deployed to get more information about learning, automation or pilots.