This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Pokémon Go is all the rage at the moment. Many gamers in Asean - Brunei, Cambodia, Laos, Malaysia, the Philippines, Singapore, Thailand and Vietnam - can already be seen catching the Pokémon characters when the app launched in the region recently. Despite some commentators expressing concerns about the privacy implications of the app and others like it, the game is estimated to have been downloaded over 100 million times worldwide. However, there continue to be wide-ranging concerns over the manner the app is said to gain access to users' private data.
While the app has used the disruptive nature of Augmented Reality to drive a further paradigm shift in how we use and interact with technology, it has also raised broader privacy concerns over the type and volume of information collected by the app. As a lawyer and technophile, I am both excited by the possibilities of Augmented Reality and concerned over these wider
The personal data and information collected by the app is a critical, strategic business asset and a rich source of innovation and value. Companies that best manage that asset while enriching customer experience, do so through a holistic data management policy. That policy should offer a meaningful data privacy experience through informed consent and collection, rigorous data security measures that prevent unauthorised access, and compliance with applicable laws and regulations.
At the heart of privacy laws are the issues of control over your personal information and personal choice. However, with this app and other game-based apps, the take-it-or-leave-it nature of the terms and conditions means they are generally only seen as an obstacle to playing the game because there are no other options.
Some commentators feel it may reflect an increasing trend that users are becoming unconcerned or apathetic about sharing their personal information. When launched, the app's terms allow access to the Google accounts of all iOS users, which include emails and private photos. Are users really apathetic about their private mails and photos being accessible or is the likelier conclusion that users are simply not taking the time to read the terms and understand the consequences?
Whichever conclusion is drawn, a key driver in any data management policy (particularly when collecting personal data) is whether sufficient security measures have been put in place to protect personal data, and the susceptibility of personal information to cyber-attacks. We have already seen hacking groups like OurMine carry out DDoS attacks on Niantic's servers, causing significant downtime for Pokémon Go users. Another group, PoodleCorp, is threatening to carry out a DDoS attack some time this month. These groups claim they want to highlight system weaknesses and teach the makers how to protect their servers. Regardless, attacks are becoming more prevalent and sophisticated, and companies can struggle to roll back reputational damage suffered from high-profile data breaches.
Sign up for CIO Asia eNewsletters.