As we recently reported, the FTC expressed its opposition to a move by creditors of bankrupt XY Magazine to acquire personal information about the magazine’s subscribers, on the grounds that such a transfer would contravene the magazine’s privacy promises and could violate the Federal Trade Commission Act.  The magazine, which catered to a young gay audience, had a website privacy policy that asserted   “[w]e never give your info to anybody” and “our privacy policy is simple: we never share your information with anybody.”  Readers who submitted online profile information were told that their information “will not be published.  We keep it secret.”  The personal information at issue included the names, postal and email addresses, photographs and online profiles of more than 500,000 users.

As reported in BNA’s Privacy Law Watch, as a result of the FTC’s opposition to the transfer of the personal information, the parties entered into a consent order agreeing that the information will be destroyed before the magazine’s assets are sold.  The consent order called for the destruction to be carried out in a manner that will make the information “unreadable, undecipherable, or non-reconstructable through generally available means.”

This incident is a reminder of the legal significance of privacy promises made outside the context of an actual privacy policy.  It also highlights the need to anticipate changes in business circumstances (such as mergers or sales of assets) when making any privacy representations. Inappropriate commitments may prove damaging to the company, its investors and creditors.