Avast CEO , Ondrej Vlcek has announced that the company is terminating its Jumpshot business. The unit was called out earlier this week after it was exposed for selling data to large companies. Although Avast said that the data being sold was fully anonymised, it has faced a barrage of bad press as a result.
In a press statement Vlcek said: “Avast’s core mission is to keep its users safe online and to give users control over their privacy. The bottom line is that any practices that jeopardize user trust are unacceptable to Avast. We are vigilant about our users’ privacy, and we took quick action to begin winding down Jumpshot’s operations after it became evident that some users questioned the alignment of data provision to Jumpshot with our mission and principles that define us as a Company.”
Vlcek has acted quickly and decisively to deal with this situation. Given how long most companies take to deal with damaging situations, this is a lightning quick response. The question now is can this stem or even reverse the reputational damage this incident has caused for Avast?
What about those companies who were buying the data?
Since its acquisition by Avast, Jumpshot has been allowed to act as an independent business. This raises questions over how much oversight Vlcek and other senior managers at Avast had over this business unit. Did they oversee the collection and sale of data? Did they sign off the level of anonymisation? How much effort did their own analysts spend in proving that companies buying the data could not de-anonymise it?
The latter point is critical. There is a lot of evidence as to how little mixing of data is required to reverse the anonymisation. Avast needs to publish evidence of what it has done to prevent that. After all, if companies cannot remove the anonymisation, the value of the data would be limited. Publishing the research would also reassure customers and set a standard for other companies doing the same thing.
Vlcek has also reaffirmed Avast’s commitment to GDPR and other legislation. It would make sense, therefore, for the company to set out what destruction clauses it has in contracts with customers. This is not about naming those customers. It is about showing that the data will be deleted by third-parties who now hold it.
Avast has said that current Jumpshot customers should contact Deren Baker, CEO, Jumpshot. It has also committed to pay all of Jumpshot’s vendors and suppliers. Given the current financial climate, this will be welcomed by all those companies. It is further evidence that Vlcek is keen to draw a line under this incident as fast as possible and protect Avast’s business reputation.
Enterprise Times: What does this mean?
The tech landscape is littered with companies that failed to respond quickly to breaches and bad situations. The actions taken by Avast, once this all became public, have been quick and decisive. They show that reputation management can be done quickly and getting information out quickly and responding rather than hiding, works.
This does not excuse what can be seen as an error of judgement by selling the data in the first place but shareholders will hope it mitigates further problems. In the last week the share price of the company has plunged almost 30% . Since Vlcek announced the closure of Jumpshot, there has been a modest 4.5% recovery. It will be interesting to see if that recovery continues over the next few weeks.