Most people know they need to have a will, and that it’s a good idea to pre-plan their funerals and make other arrangements because one day, every one of us will die.
But there’s another aspect of planning that needs attention also — your online life — the Federal Trade Commission said Friday
All the digital files, photos, posts and other accounts you leave behind might cause a lot of inconvenience – even fraud or identity theft – for your loved ones to clean up.
Do you really want your Facebook account to outlive you? What will happen with access to your online bank accounts?
Here are a few tips from the FTC to figure out a plan for your online life after death.
Count your accounts. Make an inventory of your digital life, including accounts for email, social media, blogging, gaming, and cloud storage. Set up a spreadsheet or other file to keep track of each site’s name, URL, your user name, password, your wishes for each, and other information that might be necessary for access. Some of your accounts may involve money – either real-world or online currencies – and may require additional attention. Don’t attach your inventory to your will which becomes a public document after your death.
Get in the know – now. Many accounts will let you make arrangements now or name someone to manage the account after your death. Research your options.
Who can help? You might want to name a digital executor to handle all these tasks after your death, preferably someone who has experience with online accounts and will understand how to carry out your instructions – or make decisions about issues that you might not have foreseen. You can select a friend or family member to be your digital executor or you can hire a third-party service to help you.
Search “online life after death” or “digital” and “afterlife” or “legacy” or “executor” to learn more.
“I leave my MP3 collection, Apps library, e-books and Facebook content to…”
When we think about our assets, we usually think about our bank accounts, reals property, retirement accounts, and personal property and so on. But in this age of digital information, most people have sizable portfolio of digital assets. These can include our MP3 collections, iTunes and Apps libraries, e-books, photos as well as and other digital media. It may also include things like our Facebook, Twitter, and Instagram posts and online blogs. What happens to these things after we die? Who gets to access our emails and Twitter accounts? Can we leave our e-book and app collections to our family member or friend? These are not issues that we can really look to history and precedence for guidance. The idea of digital assets did not even exist until the last few years!
Most states and the federal government are still struggling with this issue. In July of this year, the Uniform Law Commission approved the draft of the Uniform Fiduciary Access to Digital Assets Act. The Uniform Act is not a law, and it is up to states to decide if they wish to adopt the Uniform Act or their own version of it. The Uniform Act greatly increases access to a deceased person’s digital assets, including emails, unless there are contrary instructions in the deceased person’s will. Moreover the Uniform law supersedes any provisions contained the terms of service or other end-user agreement.
Recently, Delaware became the first state to pass legislation related to how digital assets are dealt with after a person’s death. The Delaware Fiduciary Access to Digital Assets and Digital Accounts Act is modeled after the Uniform Act. It allows personal representatives of the estate of a deceased person the same access to the accounts and digital assets of the deceased account holder as the account holder had him/herself. While this statute may raise many privacy concerns, it does greatly increase access to the digital assets of a deceased person and increases ease of estate administration.
In Pennsylvania, a bill was introduced in 2012 that would allow the personal representative of an estate the power to “take control of, conduct, continue or terminate” a deceased person’s social media account. This act was never passed and currently there is no guidance in the Pennsylvania legislature on how a person’s digital assets can be effectively disposed of after their death.
In the absence of legislative guidance, user agreements will determine who may access to digital assets after the death of an account holder. This may prevent the family members and loved ones from being able to access valuable information held by the deceased. Moreover, there may also be confusion if a person will or other testamentary document leaves instructions that are contrary or in conflict with the end-user agreement with the service provider. This, in the absence of further guidance is received from lawmakers, it is very important to have estate plans that allow the personal representative of the estate to have fullest flexibility to communicate with the service providers and have access to your digital assets in the event of death or incapacity.
As Web-based engagement for business and personal reasons becomes more prevalent, the risk for a breach to your privacy and data security increases. Not a month goes by without us hearing about a privacy breach compromising people’s financial identity, and the Federal Trade Commission estimates that at least 11 million people are the victims of identity theft every single year. More and more, identity theft is happening in a virtual realm as a result of careless personal habits as it relates to data security. Every minute of the day, thousands of Americans are exposed to phishing, spyware, malware, and other types of malicious Internet activity aimed at stealing their identity to use mainly for financial fraud. It just takes one moment of carelessness to place you or your loved ones in a vulnerable position that may take years and many hours of hard work to correct.
Data security crimes are so common and so disruptive that many companies offer insurance to protect individuals from the aftermath of having their identity or other important documents stolen digitally. Protecting your online data goes beyond protecting your identity. Many people store a myriad of personal documents on the cloud and maintain ongoing conversations via text or email that may contain information that should be kept private. If you are concerned about online data safety, then take into account the following best practices to help you keep your personal and professional data from falling into the wrong hands.
According to David Perera, a journalist focused on tech and trends, much of what we are told about password security is difficult to implement and not necessarily aligned with the way we operate in our daily lives. For most of us, having a different password for each account is unrealistic, given that the average person interacts with over 100 password-secured websites. It absolutely makes sense, in theory, to have complex passwords with no association with our names, addresses, or commonly known personal information. We should also refrain from the most common and most damaging mistake of using standard passwords such as “123456” and “password.” (Take a look at this article on CBS, highlighting the 25 most popular passwords for 2013.) But how can you keep track of so many passwords while relying on memory and making sure your passwords are secure? A great alternative is to think about passwords in tiers. That is, the security level needed for each website or environment determines the type of password you are likely to use. On sensitive environments such as bank accounts or trading accounts, you may want to go all the way, and refrain from patterns or reusing common words or passwords. As for other less important websites that require a password, you can tier it by resorting to passwords that are still complex and unique, and make use of special characters that you are still able to recall.
Mobile-device use is on the rise, and with it comes the increased risk of having a data-security breach. When it comes to your mobile devices, caution and mindfulness are essential to keep your personal information safe. Let’s start with the basics. More than 50 percent of data-connected cell phone users don’t use a password on their device, making it extremely vulnerable should the device be lost or stolen. Another habit that puts your personal data at risk is having your cell phone or mobile device set to auto-connect when it finds an open wireless network. Finally, if you are engaging with a variety of websites and apps, then it is very important that you verify the authenticity of a website and make sure the portal is secure (the URL should read https instead of http). When downloading apps, carefully review the data each app wishes to have permissions for. Many apps are highly intrusive of your privacy, asking for ongoing access to all manner of communications taking place from your device, and even taking the liberty to post on your behalf on many social platforms, such as Facebook.
Free WiFi Could Prove Costly
If you are constantly on the road or in a remote office (some call it Starbucks), then you need to always be on the alert and make careful decisions when logging into networks outside your home or office. Hot spots are well known sources of cybercrime. There are several ways hackers can steal your information from a hot spot, from installing a free rogue hot spot served directly from their computer where they have full access and visibility to all your data, to using special software to see all your activity, even when you are in a “trusted” public Wi-Fi spot. If you are using a hot spot for work, then always use a layer of encryption by using a VPN. In general, public hot spots provided by companies such as AT&T are not encrypted, putting all your communications at risk.
Two-Factor Password Authentication Matters
With thousands of passwords being compromised every day by hackers and cybercriminals stealing, cracking, phishing, guessing, buying, keylogging, sniffing, and capturing, not having two-factor authentication with your most sensitive accounts is literally a crime against yourself. Two-factor authentication combines something you know with something you have, disarming anybody that attempts to access your information by having only your password but not your authentication device. Two-factor authentication can be managed by a FOB or digital token that provides the user a one-time password, or via a message sent to a mobile device. Virtual Private Network access, personal and company emails and bank accounts, as well as access to your mobile computer can benefit greatly from two-factor authentication. Many free email providers, such as Gmail, already provide free two-factor authentication via your mobile. If you have not yet activated yours, then don’t delay. Data breaches where identity is compromised ends up costing Americans an average of $365 to resolve.
Consider a Digital Safe
With so many passwords to keep, which are likely to constantly change, having a means of centralization of your most important passwords and documents is no longer a nice- to-have. Data access should not be just secure; it should also be transferable to those you trust the most when you are unable to access it, due to illness or after you pass away. A well-designed digital safe gives you the convenience of centralization, the peace of mind of transferability, and the confidence that all the documents that really matter are secured in a cloud-based environment where they are unlikely to he hacked or lost due to device failure.
£25 billion. That is the current figure of unclaimed digital assets in the UK alone.
What are digital assets?
There is no precise legal definition but commonly they include:
online bank accounts
photographs and videos stored online
blogs and e-books
social media statuses and tweets
information contained in documents, such as emails.
Each internet service provider may have different policies for dealing with online assets on death. These policies will have been accepted when the online account was created. A few examples are:
Facebook – since 2009 Facebook has allowed accounts to be memorialised so that family and friends can continue to post photographs and comments on a deceased account holder’s timeline. However, logging into or editing a memorialised account is not permitted.
Google – since April 2013 Google’s inactive account manager allows account holders to decide how their stored data should be dealt with once they have died.
Apple/iTunes – this is a licence only and there are no rights to reproduce content. Account holders are prohibited from passing on details of ID and passwords to others.
Apple/iCloud – these accounts are personal to the account holder and cannot be transferred on death.
Twitter – accounts terminate immediately on death.
What should I do?
Most wills contain a clause dealing with personal chattels. Computer hardware (eg the computer itself) is a tangible asset and falls within the definition of personal chattels, but digital assets are intangible ones and therefore are not covered by the definition.
We suggest you consider amending the usual personal chattels clause in the will to include digital assets, or make a separate provision or leave them to be dealt with as part of your general residuary estate.
To summarise, there are a number of important points to bear in mind regarding digital assets to ensure that they do not add to that £25 billion:
Make a list of digital assets that have financial or sentimental value.
Choose who should deal with the digital assets. Remember this could include access to emails so privacy may be an issue.
Keep records of online accounts, usernames and passwords regularly updated and separate from the will. Consider using a third party provider, such as an online password protection programme, to help.
Make a will and consider digital assets carefully.
For more information about how to protect your digital assets in your will please speak to any of our lawyers in our wills, probate & trusts department.
In my previous digital estate planning post, I posed the question regarding the difference between the decedent in the 1990’s who threw away all his bank accounts, photos, and family letters before death, and the decedent in today’s age who has stored all of this information online and fails to provide the password.
Before answering this question, estate planning is composed of two major classes of decisions: (1) heirs of the estate and (2) fiduciary appointments. Fiduciary appointments typically consist of naming individuals to act in various roles on a client’s behalf upon death or incapacity, such as personal representative/executor, trustee, power of attorney, guardian/conservator, etc. Simply defined, a fiduciary is one who is charged with making decisions on a person’s behalf, either in accordance with specific instructions or based on the best interests of the person represented by the fiduciary.
Keeping this fiduciary concept in mind, we can now jump back to our original question. The simple answer lies in who possessed the information. When information was in a paper format, the decedent was the one who possessed it. However, when information is stored in a digital format in a place other than the decedent’s personal computer, that information is no longer possessed by the decedent. Instead, the information is now possessed by an online service, and is stored in their servers.
Thus, there are two issues central to digital estate planning. First, a decedent may now have fiduciaries which are named outside of their estate planning documents. Second, a decedent’s estate planning documents may not effectively dispose of their digital assets, due to a conflict with the terms of service of the information fiduciary.
Now that we have effectively framed this issue, future installments will examine how these legal issues can be resolved, and whether an outside non-lawyer service is an effective mediator of such issues.