No one wants to think about their death, but it’s a fact of life. If you live a long life if it’s tragically cut short, at some point you will no longer be around.
Unlike previous generations, most people alive today will leave behind a digital legacy, mobile phone contacts and social media accounts to digital online photos.
Without proper planning, that legacy might end up causing more distress to your loved ones, with inaccessible social media pages, no control over comments being left, and possibly lost treasured memories.
The Data You Leave Behind
More and more of our life is being stored digitally; photos on our phones being backed up to cloud services and sorted into online digital albums, documents being stored online, address books and contact information in our phones and social media holding details of conversations with our friends and family.
While we’re alive and have full access to our memory and our devices, the security that is used to keep hackers out of these online services (mostly) does exactly what it is meant to. We can access the content freely and easily, others can not.
But what happens if you pass away or suffer a life changing incident that means you can’t access your data again? Do you want your loved ones struggling to get access to your online accounts when you can’t?
The General Data Protection Regulation state that the GDPR only applies to you while you’re alive. Once you’ve died, personal information is no longer protected, and it’s up to each country to decide how that data should be treated.
This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased personsGeneral Data Protection Regulation
The UK’s data law, the Data Protection Act 2018, does not make any provisions for data belonging to a deceased individual either.
Personal Information is any information relating to an identified or identifiable living individualData Protection Act 2018
It’s obviously not quite that clear cut. While your online photos will generally not affect other individuals privacy, granting access to a deceased person’s social media account means you are granting access to personal information of any contacts the deceased was connected to, and this could potentially breach the GDPR.
Until the UK Law deals with the issue of data ownership and access rights after death, it’s prudent to make your own provisions to ensure you have a say to what happens to your data after you die.
Where There’s A Will
You might not think about making a will, you might consider your assets and affairs don’t require one, but making a will and leaving an associated letter of wishes should be something you do regardless of your situation.
In your will you should include you wishes to grant various people access to your social media and other digital accounts (banking, cryptocurrency, household utilities etc) but leave the details of how to access the accounts in an associated Letter Of Wishes, this can be more easily updated if/when you change your logon credentials for example.
In the letter of wishes you can include details of the location of a secure password vault, and the means to access it. You can also put other various pieces of information; who should (and should not) be notified of your death, information on how you want your trustees to manage your estate, how you want guardians to bring up your children and so on.
Password Management Services
Keeping an online, up-to-date password vault means that you can pass on the login details for your accounts and services after you die or otherwise become unable to access them. It’s also the absolute best way to make sure every password you use is unique and very complex – you don’t need to remember them, the vault does that for you. We wrote a post on this here: Do you want to know more?
Using a service like LastPass is good for basic user account information, the data is stored on the LastPass servers. Another similar service is 1Password which stores your data in an online encrypted store.
KeePass is another password vault, but unlike LastPass and 1Password, you can store different types of information and add comprehensive notes and attachments. KeePass data is saved in a standalone database, so can be saved into various online and offline locations (you can use synchronisation plugins to keep them all up-to-date) The database is encrypted with a master key.
These services can be integrated into your browser and smartphone, meaning they can automatically fill in user credentials on websites and apps, a great way to make sure you use complex unique passwords for every service, and only have to remember one password!
There are other password storage services, like the ones built into your browser or smartphone such as Chrome’s password manager that syncs across your google account. They all have their own storage solutions and uses, but are typically not as encompassing and manageable as dedicated third party services, or may not have the same level of security, putting your account passwords at risk.
Access To Your Accounts
You should leave enough information so that your know loved ones will be able to access your password vault.
If you’re using an online service like LastPass, they’ll need to know the name of the service and the logon information.
If you’re using an offline service like KeePass, they’ll need to know the name of the service, the location of the database file and the logon credentials for the database.
Don’t leave the credentials in plain text for obvious reasons, instead make the credentials sufficiently complex, but easy enough for your family to work it out. (and don’t forget to update the details if you later change them)
You can leave the access details in your Letter Of Wishes with your will, and/or on a memorialised system like the Google email service (see below) that will send a message automatically on your behalf.
So the clue you leave might be “username is my nickname then an underscore and the year we first met” (obviously make sure you get the year right for many reasons!) and for the password “Password format is 9999%AA99aaa%Axxxxx and is the last four digits of my mobile phone number, the email sign, my first car registration number (matching the case), the star sign and the first word from the title of my favourite film“
This should be sufficient to allow your family to be able to find and access your password store, from there they can log into your accounts and carry out any additional wishes you may have made.
Quite a few online services have considered what should be done with your online digital data once you are no longer able to manage it yourself. Some will simply freeze the account and put restrictions in place, others allow you to pre-configure actions.
We particularly like the Gmail way of configuring an account that’s not logged into for so many days, particularly the email facility. Combined with an encrypted attachment, this could be a secure way of passing on your account credentials if you are no longer able to access the information.
Facebook have a facility to memorialise and account if the account holder passes away. This locks the account down but keeps it visible so friends can family can share memories to it.
It’s a good idea to add a legacy contact to your account, this is someone who can manage your account once it’s been memorialised. A legacy contact can put a pinned post on your memorialised profile page, manage and delete tribute posts, see posts that your account is tagged in, respond to friend requests and generally manage your account. They can see all your posts (even ones set to private) but won’t be able to read your facebook instant messages.
To add a legacy contact, go into your Facebook settings, click EDIT next to Memorialization Settings and then type in a friends name and click ADD. Here you can also set if your legacy contact can download a copy of your Facebook data once your account is memorialised, and request that Facebook delete your account rather than memorialise it.
A memorialised account has ‘Remembering…’ in front of the owners name. It can still be tagged in posts and photos, and content you created will remain on Facebook unless the account is deleted. If you were the admin of a page on Facebook, that page will be deleted once your account is memorialised.
Once an account is memorialised it can not be logged into, even if your family have your login details. If you have not appointed a legacy contact, your account will not be able to be changed in any way.
To notify Facebook that a user has passed away, and change the account to a memorialised one, a friend or family member needs to contact Facebook via the memorialisation request page and send a copy of the death certificate.
If you are an immediate family member, you can request the account be removed rather than memorialised. To do this you need to send Facebook proof of your relationship to the account owner.
People with Google accounts can use the Inactive Account (IAM) Manager to determine what should be done if they can no longer access their account. This needs to be setup in advance so Google knows what your wishes are.
If the IAM is not setup, immediate family members can submit a request to Google to close a deceased person’s account, obtain information from their account and request a return of any funds in their account.
Inactive Account Manager
The Inactive Account Manager can be configured to manage your Google data if you can’t log into your account.
You can access the Inactive Account Manager Here: https://myaccount.google.com/inactive
You can choose how long your account needs to be inactive (inactivity is determined by a combination of last sign-in, activity listed on your Google Activity log and logins from Gmail and Android) before the Inactive Account Manager takes over.
Once the Inactive Account Manager takes over, the first thing you can set it to do is send an email and text message to you to check you’re not available. If there is no response to these communications, the Inactive Account Manager will then carry out your instructions.
This can include an automated email from your gmail account. You can email upto 10 people and you can grant them access to various Google services, such as your photos store, contacts, Google Drive, Hangouts, Maps, My Business and so on (see the Google Dashboard below) Google allows you to add the recipient’s phone number for verification before they can access your data, and you can add a personal message which will be sent to the recipient.
This is a great opportunity to include the details of your password vault, but make sure you keep it up to date if you change the service, location or credentials.
You can also configure an automated reply if you use your Gmail account, informing anyone who emails you, that you are no longer using this account.
Finally you can instruct Google to delete your account and all your data after three months.