pokemango.2016.jpgParagon's Christopher J. Michael shares insights on trends, technologies and strategies in information governance, information management and more. What does he think of Pokémon GO?

Pokémon GO has only been out for about a week and is not just a hit game but a phenomenon already as popular Twitter, Snapchat, and other top social media platforms.

What is Pokémon GO?

Pokémon GO is an augmented reality mobile game that allows players to catch, train, and battle creatures called pokémon that are superimposed onto the real world. The game uses a smartphone’s GPS to detect the player’s location so that players can find pokémon in real places. Players travel to real life areas such as stores, museums, and movie theaters which in the game are gyms and PokeStops where these pokémon trainers can battle and collect items. Although “just” a video game, Pokémon GO highlights real Information Governance challenges that we must confront in this day and age.

Emerging Technologies

Personal mobile devices such as laptops, tablets, and smartphones have led to the development of the cloud, the internet of things, and augmented reality games like Pokémon GO. These new technologies provide both value and risk. Pokémon GO may be a fun game that gets people out of the house to experience the real world, exercise, and meet new people. However, there is the risk in getting hurt by not watching where you are going while playing the game, being a target for theft, or having your Personally Identifiable Information (PII) collected and used for whatever being the game developers - or those who buy or steal access to this information - want.

pokemongo.2016.jpgPokémon GO is not the first augmented reality game that uses mobile devices.

An earlier game called Ingress was made by Niantic, the same company behind Pokémon GO. The concept of augmented reality is similar to the internet of things in that it meshes the physical and digital worlds to create new experiences and opportunities by collecting and exchanging data. There has already been much controversy about how and what data Pokémon GO collects as well as where people play it. It usually takes time for the law and governance to catch up with technology. However, policies and governance should come first as drivers with technologies following behind.

Your Big Data

Pokémon GO collects a vast amount of information from those who play it. The app asks users for access to the device’s camera, contacts, GPS location, and SD card. The sign-up process also requires the user to have a Google account and asks for a date of birth. While many other popular apps make large asks when it comes to device and data permissions, Pokémon GO requires an active WiFi or GPS signal in order to play the game. This means that it has to know who and where you are all the time. There have been location-based apps before such as Foursquare, Pokémon GO’s street by street map data and surging mega popularity, will make it the most detailed location based social graph. Collection of all this personal data leads questions on the ethics of how this data is used and by whom.

Your Big Privacy

Any privacy policy is better than not having a privacy policy because at least users know what is required of them and what happens to their information. Pokémon Go has a privacy policy which states that the company collects your personal data such as your username, email address, IP address, and location. It also owns this personal data and can sell/distribute/share it with any third parties.

Although this is a free game on the surface, you aren’t paying for money but the information about yourself you are giving up. Users can read the privacy policy then make an informed decision as to whether or not they feel these asks are worth it to play Pokémon GO. Playing the game means you could end up on private property as there has already been reports of buildings that were churches or stores but now homes being visited by Pokémon GO trainers. Pokémon GO uses the phone’s camera to see pokémon "appear" in the real world. Capturing video of everything a player sees could implicate privacy law if it is done in a private place such as a home or bathroom.

Not surprisingly, Pokémon GO has yet to be released in all of Europe which is still working on the Privacy Shield. There is also talk of Pokémon GO having partnerships with companies like McDonald’s that would make all their restaurants PokeStops in the game. This could lead McDonald’s having access to this PII as part of the deal.

Your Information Security

Pokémon GO would be a treasure trove for hackers given all the data and PII that could be obtained, especially as the game grows and continues to be played. This is particularly problematic as many players are children. Already a robbery was committed with robbers anticipating the location and seclusion of victims. In this case Information security goes beyond data breaches but now can be linked physical harm based on the information gleamed from the app.

What's more, there was a glitch in the game which has since been patched that allowed Niantic to access your entire Google account if you used that to sign in on an iOS device. This means that Niantic could have read/write access to your email, Google Drive Google Docs, and more. If the Niantic servers are hacked, whoever hacked the servers would potentially have access to entire Google accounts. While the bug has been fixed there are still serious security and privacy concerns. 

Constantly evolving new technologies, companies collecting and storing PII, and information security concerns are all around us and Pokémon Go is simply another reminder of that - watch out! Information governance, and your privacy, is no game. 

Information Governance will become even more important as more technologies like this are released, catch on, and become the new normal.