In addition, planners should consider the effect of cybercrime laws, like the Computer Fraud and Abuse Act, California’s cybercrime and identity theft laws. They should also account for service providers’ terms of service. A service provider could take the position that a personal representative’s use of a decedent’s password to access an account after death is a violation of its terms of service. The service provider might also say that using the decedent’s account violates cybercrime laws. On the other hand, the personal representative could contend that he or she steps in the shoes of the decedent for purposes of authority to access the account. Moreover, the personal representative may have documents signed by the decedent authorizing access to online accounts.
There seems to be a gray area regarding the legality of post-death access to accounts. Nonetheless, the Nicholson article mentioned above in Section III suggests to service providers
that they should make plans for death and disability by allowing users to name a contingent authorized user who has the authority to access the account. In the absence of clear procedures for contingent authorized users to an account, where online services warn of criminal liability for unauthorized access to accounts, it may be prudent for a personal
representative to avoid simply accessing the account following the decedent’s death using the decedent’s password. In such cases, it may be best to obtain the court’s instructions permitting the access.