Risk managers must scramble to catch all Pokémon Go liabilitiesReprints
The international Pokémon Go craze is creating a host of potential malware, privacy, property and workers compensation issues, among others, that risk managers should immediately address, say experts.
The augmented reality game developed by Niantic Inc. in partnership with Nintendo Co. Ltd. is available free to smartphone users and encourages its participants to capture its monsters in “gyms” that could include private property.
Some of the applications that purport to provide help to players contain malware, said Alan Brill, senior managing director at Kroll Associates Inc. in Secaucus, New Jersey. There have also been reported instances of “phishing” involving the game, he said.
“Depending on what's on the phone, the bad guys may be able to access data on the phone, and if it's the employer's data, it's really an uncontrolled potential leak situation,” he said.
Philippe Weiss, Chicago-based managing director of Seyfarth at Work, the compliance training and consulting services affiliate of Seyfarth Shaw L.L.P., said businesses also face potential liability as game participants wander into facilities where they may endanger themselves.
“Both employees and third parties are racing all over the landscape in search of Pokémon,” which creates possible liability issues if they get hurt, said Mr. Weiss.
“We have an agricultural client, and they had an issue because someone was chasing one of these Pokémon creatures and almost fell into a grain elevator,” he said.
Another report was of an employee leaning out of the window to get better reception, Mr. Weiss said. There is also the danger of employees hurting someone if they are playing while driving during work hours, Mr. Brill said.
People are also recording what they see through their smartphones which could create privacy issues, Mr. Weiss said.
Mr. Brill said risk managers should work with company counsel to develop policies to address the phenomenon. These can include forbidding playing the game on a company-owned device, while driving or during work hours.
Having such policies in place “at the very least would provide the company with evidence that it had thought about it and tried to give people advice to protect themselves,” he said.
In addition, firms should also alert their security people to head off participants going into unauthorized areas, Mr. Weiss said.
“They must find ways to respectfully reroute people to the outside, where they should be playing,” he said.