We are all familiar with privacy policies on websites, and how they all promise that they will never sell your information to a third-party, and your privacy is of great concern to them etc. etc. But, what happens when that site goes out of bankrupt? How long is that information protected for after a site closes? Where does it go? Have we rushed into this age of social networking only to discover we have left ticking time bombs of our personal data strewn across the Internet to come back and haunt us some day?

These are the exact questions currently being dealt with in the bankruptcy rulings for a now defunct social network for teens called XY.com. The company began as a print magazine that ran from 1996 to 2007 before going under, but it added a social network a few years ago that boasted over 500,000 members at the time it went under in Dec. 2009.

According to CNET, when company founder Peter Ian Cummings filed for personal bankruptcy protection in Feb. 2010, he did so without the benefit of a lawyer.  He listed that he currently has no income, a car worth $1500, no home and, oh yeah, a huge database of magazine subscribers and the complete membership information of half-a-million social network members.


Mr. Cumming’s creditors want that database as they know they could sell it for some cash, but someone brought this whole situation to the notice of the Federal Trade Commission (FTC).  The FTC pointed out that “any sale, transfer, or use” of XY’s personal information ” could be a violation of federal law, and due to the site’s privacy policy having stated during the time of operation, “We never give your info to anybody,” that it should be destroyed upon the closure of the site.

Shoshana Schiff, a partner with the Trenk law firm that is involved in this case, told CNET that “Any property listed on the debtor’s bankruptcy petition is property of the bankruptcy estate and my client intends to administer those assets for the benefit of creditors.”

In other words, this thing is a giant mess.  The FTC is concerned over privacy in general, but due to this site being involved with minors who are possibly concealing their sexual orientation, and minors in general, it gets even more complicated.  (See the whole FTC letter here as a PDF)  As a few have suggested around the Web, what if an anti-homosexual group was to purchase the list?  Families could find themselves inundated with mail, possible visits to their door depending on the severity of the group and so on.

Moving past XY.com, however, think back across all those social sites you have signed up for.  In my work as a tech blogger I have signed up for hundreds of sites, if not thousands.  I couldn’t even begin to remember them all, and luckily that means the majority of them I never told them more than my name and e-mail address, but couldn’t that be bad enough?  Yes, spam filters work wonders, but they aren’t perfect.  Now imagine it is a site I gave personal images to, or items I shared only with “friends” because I was lead to believe only they would see it.  Now imagine the site goes bankrupt … I think you’re getting the picture now.

At this time you may think this is only about a site for gay teens, but when you start thinking about possible other impacts, this is indeed a situation that needs to be sorted out as soon as possible.

From my own personal viewpoint, the database should be destroyed.  The consumers agreed to XY.com accessing that information, no one else.  The CNET article goes on to list all the possible personal lawsuits Mr. Cummings faces if he doesn’t hand over the database, but those are completely separate matters, and I imagine if the FTC says “you can’t do this”, a judge will say, “So, you wanted him to violate federal law to settle his debts … get out of my courtroom.”

In short, our privacy is never assured on the Web, and it doesn’t matter if it’s a site for gay teens or a knitting circle, if the information was given under the presumed protection of privacy, that is the way it should remain in perpetuity.

What say you?  What should happen to a user database upon a site’s closing?