• by Wendy Davis , August 12, 2010

A bankruptcy judge has agreed to allow the defunct XY Magazine, aimed at gay teens and young gay men, to destroy subscribers' personal information -- including their online photos, anecdotes and profiles -- rather than turn that information over to creditors.

The magazine's owner, Peter Ian Cummings, who declared bankruptcy in February, said in court papers that the disclosure of either subscription lists or information about users collected online would threaten public safety. But two former business partners of his claimed that they were entitled to the information.

News of the dispute reached the Federal Trade Commission, which said the data should be destroyed. Consumer protection head David Vladeck said last month in a letter to the creditors that transferring the data would be problematic even if the only reason they wanted the information was to restart the magazine or accompanying Web site. "Subscribers and members were told that their personal information would not be sold, shared, or given away to 'anybody'," he wrote. "Therefore, any sale or transfer of the data to a new company, new owner, or other third party would directly contravene the privacy representations and could constitute a deceptive practice by the original company or its principals."

The magazine, which folded in 2007, assured subscribers that it would never reveal their names, boasting: "Please note our amazing privacy policy. We never give your info to anybody." In fact, the publisher went so far as to assure its readers -- particularly teens living with their parents -- that copies were mailed in shrink-wrapped black plastic.

The company's Web site, which went dark last year, likewise promised users that any information submitted online would be kept secret.

Cummings had argued in a court filing that a privacy breach "would constitute a 'ticking time bomb' that could never be reversed."

The court order, entered earlier this month by U.S. Bankruptcy Judge Michael Kaplan in the District of New Jersey, provides that the data is to be destroyed "by shredding, erasing, or otherwise modifying the PII [personally identifiable information] ... to make such PII unreadable, undecipherable or nonreconstructable."