With the new Pokémon Go app taking the world by storm, people all over Hong Kong are glued to their screens, zealously catching the little creatures we have loved since their creation in 1995. Numerous people walking the street, at their desks and maybe even sitting in Court are desperately trying to “catch ’em all”. What could possibly go wrong?

Amid the buzz, Pokémon Go has been the subject of security concerns for employers in Hong Kong as users who sign in with Google discover that the game has full access to their linked accounts, a privilege that should normally only be granted to applications we trust implicitly. The ability to view and modify nearly all the information on an individual’s account is arguably unnecessary, thus sparking the question of why Niantic Labs, the game’s producer, requires it in the world’s most installed and used app to date.

Niantic Labs has issued a defensive statement regarding users giving full access to their Google accounts by signing up to the game. Whilst stating that Pokémon Go primarily only uses basic account information such as login IDs, it clarified that no other account information has been collected for its own use. Furthermore, Google will soon reduce Pokémon Go’s access rights to only view the profile Pokémon Go requires, ultimately restoring people’s account privacy to some degree. But that is in the future and for now Niantic cannot (any more than any other employer) guarantee that none of its staff will “go bad” with the data to which it has access.

Of course there is no suggestion that Niantic has accessed or intends to access data unconnected with the game, but if you were the employer, would that necessarily provide the level of comfort you seek? Given the increasing number of employers adopting a BYOD policy and the growing trend towards working remotely, should employers take extra precautionary measures to prevent access to their confidential and proprietary information by Niantic, or even impose a complete ban on employees playing Pokémon Go on any smart phones used for work purposes? We think that an employer would be entitled to bar Pokémon Go from any phone which it provided solely for work purposes, but that it would be much harder to justify doing so in circumstances where through its BYOD policy it had expressly consented to staff using their personal devices in their work.

This is not just about confidentiality. The game could also pose a security risk by compromising the locations of its users. The Hong Kong Police Force has released an internal reminder to all its employees that the playing of Pokémon Go on police premises or in police vehicles is not permitted. It is imperative that officers conducting ambush raids and duties do not disclose their team’s location and safe houses through the simple mistake of playing the game (though in reality this same level of caution has to be taken with other location sharing apps such as the “Find My iPhone” app or even the mighty Google Maps).

Pokémon Go, however, has created another, more unique problem which could prove to be rather disruptive to some employers. The Hong Kong Hospital Authority is seeking help from the developer of Pokémon Go to ban the game at all public hospitals after crowds have flocked to play on the premises. Not only could the crowds delay emergency patients rushing in for treatment, but the game could also prove to be a distraction for hospital employees, who each have a job which requires utmost concentration and responsibility. The Authority said it would write to Niantic to request that it “remove all game elements” such as Pokéstops and Pokémon Gyms from public hospitals to ensure public safety. It will join the queue of other locations (Government offices, places of worship or remembrance, police stations, etc.) trying to retain safety, dignity and sanity on the way.

A ban on playing Pokémon Go in working hours would seem sensible and enforceable but the employer would need to ensure parity of treatment with other such distractions – a coffee or cigarette break, a quick look at CNN or eBay, etc. – if they were no less damaging to the performance of work duties.