Good for Path – In response to the address book issue from yesterday that sent the tech press into a romper room hissy fit (no offense, hissy fits are fun sometimes), they’ve decided to take the very simple and most effective remedy: nuking all the data.

Path’s blog post on the decision is here.

This is exactly what I recommended yesterday, although Path had come to the same conclusion independently. I had reached out to CEO Dave Morin before I posted last night but didn’t reach him. But we spoke very early this morning and he told me that they had already begun deleting all the data, well before I wrote my post, and would announce it later today.

As my partner MG Siegler says, there was absolutely nothing nefarious about this, but it shouldn’t have happened regardless.

I’m extremely proud of the way the company handled itself yesterday and today, and I’m more proud than ever to be an investor. Companies (people) screw up all the time. It’s how they handle themselves in a crisis that shows what they’re really made of.

The story of the day is definitely about Path (a CrunchFund portfolio company). The company has been copying address book information to their servers without user knowledge.

The company was apparently already aware of the issue and was taking steps to address it prior to this post coming out. The Android app has an opt-in, and a version of the app with an opt-in is awaiting approval at Apple, says CEO Dave Morin in the comments to the original post. Morin has also flat out apologized.

This is a common problem with apps, due in large part to the fact that Apple doesn’t consider the data as sensitive as, say, location information. To get location info the app must alert the user and get their permission on screen. There’s no such requirement for address book data.

There’s an app coming that allows users on jailbroken phones to monitor and intercept when address book information is being exported, at least when it’s being done in the most common way.

But What About Path

A lot of users just don’t care about their address book integrity, they know that it’s been exploited, repurposed, shared and siloed for a long, long time. The argument that Facebook has always made is that it isn’t really your data since it includes personal information of others. So it isn’t really yours to control. The only way that mess ever gets sorted out is the courts, after a lot of guided lobbying-fueled meddling (or lack of meddling) in the legislative branch.

But back to Path. Their apps should soon be opt-in only for address book data, and a lot of users will want to send it to help Path find your friends and invite them to the service. Users can also ask Path to remove the data immediately – “In the meantime, if you would like your data deleted from our servers please contact our service team at service@path.com.”

Which is nice, but I’m wondering if there’s a better solution to this. Path should just state that they’re nuking all collected address book data for all users right now. Remove it from their servers entirely.

It definitely sends the right message to users – you can trust this company with your data. They’ve apologized and they were already in the process of fixing the issue. It seems like the perfect last piece is to remove all that data from their servers. And I doubt it’ll take them all that much time to collect the data all over again, this time with user permission.

And in the meantime, perhaps Apple will begin to protect address book data as closely as they do location data, which would eliminate this problem for users on all apps in the future.

Update: Data nuked.