Pokémon GO: New App Creates Risks For Employers

By Karla Grossenbacher, Esq. and Parnian Vafaeenia, Esq. of Seyfarth Shaw LLP

Your employees may be on a quest to catch 'em all. Over 15 million people have downloaded the Pokémon GO game since its release two weeks ago. In this augmented reality game, players use their mobile devices to catch Pokémon characters in real-life locations captured by the camera in a user's cellular phone. Though the game is very popular with Pokémon GO players, employers may not like the game quite so much.

Data And Security Concerns

There are data security concerns that arise from use of the Pokémon GO app. First, users who want to play Pokémon GO must sign in to the app. There are two ways to do so—through an existing Google account, or through an existing Pokémon Trainer Club Account. Up until very recently, the Pokémon website did not allow users to sign up for Pokémon Trainer Club Accounts due to overwhelming demand. Thus, for most people, the only way to play Pokémon GO was by signing in to the app with their Google accounts. Even though the option to create a Trainer Club Account is now available, doing so requires more time and effort than signing in through an existing Google account.

On Monday, July 11, it was discovered that users who signed in through their Google accounts were unwittingly giving Niantic Labs—the developer that created the game—full access to the information in their Google accounts. This included access to email. The developer insists that it is not actually accessing all of the information in users' Google accounts and claims that a recently released update limited the scope of Niantic's access. Nonetheless, for employers who have employees that use Gmail accounts for work purposes, there have been and continue to be risks to information security presented by allowing such employees to play Pokémon GO.
To make matters worse, there is a malicious version of the Pokémon GO program that includes a remote access tool called DroidJack. This tool, which was uploaded to a file sharing service on July 7, can give hackers full control over Android users' phones. If a Pokémon GO user is playing the game on the phone they use to send work-related communications or on which they store work-related documents, this means that hackers could conceivably access such communications and documents on infected Android phones of Pokémon GO users. This poses risk for employers as well.

Workplace Safety

Employers that have Pokémon GO players in their facilities may also face safety issues. Niantic teamed up with Google Maps to put Pokémon characters in real-life places. When a Pokémon is nearby, the app informs the player of its location. Additionally, certain locations such as "gyms" and "poké stops" are hotspots for catching Pokémon. Certain characters in the game are harder to catch and more highly coveted than others, so finding one of these popular characters nearby often excites players, and they will "hunt" them in a wide variety of physical spaces.

As recent headlines have demonstrated, employees who are focused on the game while walking around work property could be putting themselves in danger of tripping, falling or otherwise injuring themselves while playing. Similarly, employees whose job duties include driving or operating heavy machinery, or whose jobs require them to work in the vicinity of heavy machinery, risk injury to themselves or others if they attempt to play the game during work hours. Indeed, there may be heightened safety concerns for certain employers in highly regulated environments like healthcare, where patient safety and health could be impacted by a distracted workforce. Even employers in the retail industry could suffer if their employees are too distracted to assist customers.
Takeaways

If an employer's workforce is using company-issued devices, employers can simply disable access to the app on company-owned devices. In fact, some employers have already taken this step. Though blocking the app on company-owned devices takes care of part of the problem, many employers have BYOD (Bring Your Own Device) programs and will have employees using the same device to perform work and play Pokémon GO. Employers in this situation should consider the following steps:
  • Have employees install encryption software provided by the employer to protect sensitive data and agree to not modify the software;
  • Monitor or prohibit employees' accessing and downloading of external programs, apps and files, or specific ones that pose security risks, like Pokémon GO;
  • Review your safety policy to ensure it encompasses activities similar to safety risks associated with Pokémon GO (i.e., limited use of handheld devices in hazardous work areas, etc.);
  • Create guidelines that prohibit employees from playing games such as Pokémon GO during work time (even if it is downtime) and restrict when and where such games can be played on work property during non-work hours.
For additional information, please contact Karla at kgrossenbacher@seyfarth.com - (202) 828-3556 or your Seyfarth attorney, or any member of the Workplace Policies and Handbooks Team or OSHA Compliance, Enforcement & Litigation Team.
