You cannot swing a dead cat without hitting someone who is downloading and playing the new Pokémon Go game for smartphones (forget the cat, you probably bumped directly into them because they are not paying attention to their surroundings). News broke recently that if you are playing the game on your iPhone, you may be handing over all of your personal data from your Google account to the company that created the Pokémon Go app. This was apparently not in the design. The company is working to correct the error in the programming stating, "Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access."
Talk about a cautionary tale for companies and customers, alike.
Companies need to build privacy and security into all aspects of their products. I have long written about companies embracing Privacy by Design principles and think carefully about how their goods and services will collect and use personal data-BEFORE they reach the marketplace. Furthermore, this privacy analysis has to consider what risks come with partnering with another company or application with a connection to another database of personal data. I am not saying companies shouldn't partner or use such features as the one's creating problems for Pokémon Go —obviously customers appreciate the convenience of shared log-ins and other benefits. However, companies need to think through the entire transaction before they roll their product out the door. And nowhere is this approach needed more than in the world of mobile apps, where research and development timelines can last a whopping couple of hours as opposed to months and years in more traditional applications and products.
Maybe I am wrong. Obviously people have no trouble giving up their personal information in return for a pleasurable distraction with cartoon characters. Furthermore, Nintendo is not hurting as its stock price soars as a result of the game's popularity. But not all products are this popular nor create the hysteria this game has. The majority of (smaller) companies make less exciting products. Products into which consumers (and regulators) might not be overwhelmed with the fever to overlook what those products do with personal data. For these companies, thinking about privacy and security and building them in up front will help to keep their doors open and business growing.
More sales? Gotta "catch 'em all."