Gotta catch ‘em all


18 August 2016
Michael Bishop of Commvault

Pokémon Go is all the rage at the moment. Many gamers in ASEAN – Brunei, Cambodia, Laos, Malaysia, the Philippines, Singapore, Thailand and Vietnam – can already be seen catching the Pokémon characters when the app launched in the region recently. 

While the app has used the disruptive nature of augmented reality to drive a further paradigm shift in how we use and interact with technology, it has also raised broader privacy concerns over the type and volume of information collected by the app. As a lawyer and technophile, I am both excited by the possibilities of augmented reality and concerned over these wider privacy implications.

 The personal data and information collected by the app is a critical, strategic business asset and a rich source of innovation and value. Companies that best manage that asset while enriching the customer experience do so through a holistic data management policy. That policy should offer a meaningful data privacy experience through informed consent and collection, rigorous data security measures that prevent unauthorised access, and compliance with applicable laws and regulations.

At the heart of privacy laws are the issues of control over your personal information and personal choice. However, with this app and other game-based apps, the take-it-or-leave-it nature of the terms and conditions means they are generally only seen as an obstacle to playing the game because there are no other options.

Some commentators feel it may reflect an increasing trend that users are becoming unconcerned or apathetic about sharing their personal information. When launched, the app’s terms allow access to the Google accounts of all iOS users, which include emails and private photos. Are users really apathetic about their private mails and photos being accessible or is the likelier conclusion that users are simply not taking the time to read the terms and understand the consequences?

Whichever conclusion is drawn, a key driver in any data management policy (particularly when collecting personal data) is whether sufficient security measures have been put in place to protect personal data, and the susceptibility of personal information to cyber-attacks. We have already seen hacking groups like OurMine carry out DDoS attacks on Niantic’s servers, causing significant downtime for Pokémon Go users. Another group, PoodleCorp, is threatening to carry out a DDoS attack sometime this month. These groups claim they want to highlight system weaknesses and teach the makers how to protect their servers. Regardless, attacks are becoming more prevalent and sophisticated, and companies may struggle to roll back reputational damage suffered from high-profile data breaches.

The world is changing at a rapid rate – as is the way we interact with the world around us and each other. Technologies such as augmented reality help to accelerate these paradigm shifts in how we use and interact with technology while simultaneously creating new forms of social networking that connect real and digital worlds.

However, rapid acceleration and adoption of new technologies will inevitably give rise to further privacy issues as more and more personal data is collected and shared. Users will likely demand more privacy options, more meaningful experiences and greater data security.

The drive will not only come from increased interaction with consumer applications like Pokémon Go – but also the increased legislative focus on the way companies hold, use and manage that data. For organisations tasked with management of personal data (whether provided consensually through consumer applications, or by necessity in the case of medical/employment/financial information at work) - now is the time to look at data management policies and make sure your business can scale and align with continuing technology shifts. The right policies will allow your business to exploit new technology-driven opportunities and maximise data assets without compromising user experience or data security.

* Michael Bishop is Commvault’s regional counsel, APAC.