If you use a computer, you likely have digital assets that should be addressed as part of your estate planning. Access to digital assets is governed by an evolving and complicated technical and legal framework, including federal and state computer fraud and abuse acts; copyright, privacy, and data protection laws; and terms of service agreements. New laws are attempting to clarify the authority of a decedent’s personal representative (a “fiduciary”) to access a decedent’s digital assets after a person has died, which is necessary for the fiduciary to marshal, collect, report, and distribute the estate assets, as well as to prevent identity theft and fraud. While the current legal landscape continues to present challenges for accessing digital information after a person dies, you can take steps during your lifetime that may significantly ease the administration of these assets in your estate.
What Are Digital Assets?
While no universally accepted definition of a “digital asset” currently exists, it is generally agreed that digital assets consist of information that is electronically stored or accessed on a computer, smartphone, tablet, server, or other computing device. Some common examples of digital assets include digital files, emails, photos, videos, music, client lists, bank accounts, currency (e.g., Bitcoins), domain names, websites, virtual gaming assets, software, social media accounts, shopping and auction accounts, and travel accounts.
Limitations on Fiduciary Access to Digital Assets
Access to digital assets is becoming increasingly necessary to account for all of a decedent’s assets, particularly as institutions and individuals move toward a paperless world. Digital assets also may have both sentimental and monetary value. However, even if a fiduciary can determine a decedent’s digital assets, the fiduciary faces a variety of impediments to accessing the assets – some of which could expose the fiduciary to civil or even criminal liability.
Usernames and Passwords
Usernames and passwords represent the first hurdle to accessing digital information. Online accounts require at least a username and password, and without this information, service providers are unlikely to grant a fiduciary access to accounts. Recovering or resetting online credentials generally requires access to the decedent’s email account and often to other specific private information (e.g., the answers to chosen security questions).
Federal and State Computer Fraud and Abuse Acts
Federal and state anti-hacking laws are designed to prevent unauthorized access to accounts. These laws also present a significant barrier to estate administration of digital assets because they may prohibit access even when the fiduciary possesses the decedent’s username and password. For example, the federal Computer Fraud and Abuse Act criminalizes “unauthorized access” to digital accounts. While the Department of Justice has suggested it will not expend its limit resources on these types of scenarios, reliance on the prosecutorial discretion of federal and state law enforcement agencies may not provide much comfort to a fiduciary.
Copyright, Commercial Privacy, and Data Protection Services
Accessing a decedent’s digital assets may also violate copyright law, the limited common law of privacy, trade secret law, and federal and state personal data protection statutes. For example, while the federal Stored Communications Act may be better known for its wiretapping provisions, it also prohibits Internet service providers from disclosing the contents of user accounts to private persons. A lawful consent exception permits service providers to voluntarily disclose account contents when the sender or recipient consents to the disclosure, but the boundaries of “lawful consent” have not been fleshed out in the context of an estate administration.
Terms of Service Agreements
The terms of service agreements of Internet service providers are frequently silent on the issues of fiduciary access or postmortem options, or they may simply prohibit postmortem transfer altogether. While this is changing, Internet service providers are a long way from adopting any uniform or comprehensive approach.
While a handful of states have attempted to address these concerns by statutorily granting fiduciaries some degree of access to digital assets, inconsistencies among state statutes will only create yet another problem for fiduciaries trying to access digital property.
In an effort at uniformity, the Uniform Law Commission, a nonprofit organization composed of attorneys appointed by each state, approved the Uniform Fiduciary Access to Digital Access Act (UFADAA) in July 2014. Delaware became the first state to adopt a version of the act. Similar legislation is pending in some states, but, notably, Virginia and several other states have rejected it. If adopted by a state, the UFADAA clarifies that fiduciaries have the authority to effectively step into the decedent’s shoes to access digital assets and accounts. The UFADAA also attempts to overcome the obstacles of anti-hacking and data privacy laws.
The Privacy Expectation Afterlife and Choices Act (PEAC) is a legislative alternative to UFADAA promoted by NetChoice, a trade association of eCommerce business and online consumers. A version of this act was introduced in the California legislature on February 25, 2015, and the Virginia legislature passed a similar bill, which is currently awaiting the governor’s signature.
Private Sector Efforts
The private sector is also beginning to address fiduciary access and postmortem options for digital accounts.
Recently, the social network Facebook rolled out an update letting U.S. users assign a Facebook friend as a “legacy contact” for their accounts, granting special postmortem access to the account. The legacy contact will not be able to post on the decedent’s behalf or see his or her private messages, but will be able to download the decedent’s archive, including all of the user’s photos, and post a commemorative note at the top of the decedent’s profile page.
Google has been the most innovative in this area, recently launching Inactive Account Manager, which allows account holders to tell Google what they want done with their Google accounts (e.g., Gmail, Google Drive, YouTube). Account holders can choose to have an account deleted after a certain number of months of inactivity, or they can designate a trusted contact to receive their data, among other options.
Private legal and commercial entities (e.g., PasswordBox (formerly Legacy Locker), SecureSafe) have attempted to provide account holders with options for digital estate planning. While these services fail to resolve all of the conflicts and obstacles faced by account holders and fiduciaries, they can be an important tool in conjunction with other planning.
Given this quagmire of legal and practical hurdles, careful forethought and planning is essential for your digital assets. In addition to regularly updating your estate planning documents to provide the most current administrative provisions for your fiduciary, you need to be proactive and personally take steps to facilitate identification and access to your digital assets in the event of your death or incapacity. These steps include (1) reviewing, inventorying, and backing up your digital assets, (2) preparing and regularly updating a list with account and access information, and maintaining the list in a secure, private location, (3) examining terms of service agreements to identify and give effect to postmortem transfer options, and (4) determining how you want your fiduciary and family members to access and manage your digital assets (including taking your privacy considerations into account) and providing written instructions for those individuals regarding your wishes.
Please contact us if you would like more information on this topic or would like our assistance with estate planning for your digital assets.