Marcia Hofmann writes:
Last month, we wrote about a New Jersey case in which the former publisher of a magazine and dating website for gay youth had declared bankruptcy. He and his former business partners were fighting over ownership of various business assets of XY Magazine and XY.com, including extensive personal information about more than a million customers. XY’s privacy policies, however, had promised customers that their personal information would never be given to anybody.
The Federal Trade Commission warned (pdf) that any transfer or further use of the data would not only violate the privacy promises that XY had made to consumers, but would also likely be unlawful under the Federal Trade Commission Act, which prohibits unfair and deceptive acts and practices. The Commission suggested that the data be destroyed, which we agreed would be the best course of action.
We’re happy to report that this potential privacy fiasco has ended well for XY’s customers. The parties reached an agreement (pdf) under which the publisher is required to destroy all personally identifiable information about XY’s customers. He may keep a limited amount of data for a short time to authenticate the identities of customers who have ordered back issues of the magazine, but he may not use that information to contact or locate any customers.
Read more on EFF.