After receiving a letter from David Vladeck, the Director of the Bureau of Consumer Affairs at the Federal Trade Commission, a bankruptcy judge allowed the destruction of personal information of gay teens who subscribed to the now-defunct XY magazine.

After the magazine and its companion Web site folded, founder Peter Ian Cummings filed for personal bankruptcy. He listed editorial content from the publications and personal information from subscribers and users – including e-mail addresses, names and street addresses, personal photos, and online profiles – as part of his assets.

After two creditors expressed interest in purchasing the information, the FTC intervened and warned all parties that the sale, transfer, or use of the information could violate federal law in light of XY’s privacy policy, which read: “Please note our amazing privacy policy. We never give your info to anybody.”

The Director wrote that “any sale or transfer of the data to a new company, new owner, or other third party would directly contravene the privacy representation and could constitute a deceptive practice by the original company or its principals. Such practice also could be unfair. In addition, the receipt of such data by a third party, knowing that such receipt violated the privacy policy, could be unfair.” Given the sensitive nature of the information, it should be destroyed, Vladeck said.

In response, Michael Kaplan, the U.S. Bankruptcy Judge for the District of New Jersey, set a 14-day timeline for the destruction of the data and ordered that Cummings destroy all personally identifiable information “by shredding, erasing, or otherwise modifying the personally identifiable information…to make [it] unreadable, undecipherable or nonreconstructable.”

Cummings must then certify with the court within five days that the data was destroyed.

Why it matters: The story highlights the importance of a company’s privacy policy and the fact that it can be enforced even when the company no longer exists. When drafting a privacy policy, companies should consider the impact future changes – bankruptcy or the sale or transfer of information, for example – could have on any promises that have been made. It also provides another example of the FTC’s monitoring of privacy issues.