The importance of having a digital estate plan has grown exponentially over the past decade as technology continues to occupy our daily lives. This leads to the question: Who has access to my online accounts and how will those accounts be managed and distributed in the event I become […]
When it comes to, wills, power of attorney and all that goes into crafting your estate plan, you should include a discussion about digital assets with your attorney.
Our lives today are primarily conducted online – making digital assets part of our daily lives. Yet many of us fail to recognize that the value of digital assets are as important as tangible assets. McAffee, in 2014, conducted research that disclosed digital devices hold an estimated value of $35,000. Topping the list of stored items are personal memories, photos, and videos which was estimated at over $17,000.
As we store an increasing amount of assets and accounts online, their emotional and financial value increases. If you have not included digital asset information along with your estate planning documents, your beneficiaries may not be able to access your accounts, particularly if they do not have passwords and related information. Additionally, problems arise with social media accounts that are covered by TOS (terms of service) agreements which prohibit an accountholder from disclosing information to third parties, or allowing them to access your account, and from transferring the account. Laws governing digital accounts vary state-by-state and all too often beneficiaries are locked out of their loved ones’ social media and other accounts.
What is a Digital Asset?
Digital asset refers to any content a person owns in digital form i.e., anything that you access online, your computer, a mobile device, or that is stored in the cloud. The list of digital assets is extensive and tends to fall into several categories including:
- Passwords: A strong password can secure the information on your computers,
high-tech items and shopping accounts; unfortunately, people are not as careful in selecting passwords making it easy for hackers to access accounts. Google provides many ideas on how to choose hard-to-hack passwords
- Social media accounts: Facebook, Twitter, LinkedIn, Instagram etc., most of which have exclusive access via passwords and relevant security words. They are subject to terms of service contracts established by social media outlets – therein lies the issue when families try to access a deceased loved one’s account.
- Email accounts
- Businesses: Websites, domain name/s, blogs, intellectual property, all data stored digitally etc.
- Financial: Bank accounts, tax documents, investment accounts, credit cards, virtual currencies, savings bonds.
- Personal: Electronically stored photo albums, music, movie collections, video games, websites, mobile devices, frequent flyer miles, medical records, shopping sites such as Amazon, EBay, Wayfair, food sites.
Estate Planning and Digital Assets
When it comes to estate planning we realize that protection of our homes, loved ones, and financial assets are critical. However, it is equally important to protect the legacy of your digital assets as well. Pointers for safeguarding your digital assets include:
- Prepare an inventory of all your digital assets with a description of each along with your user name, password and related security information. Plan to update the inventory each time you make a change.
- Store the inventory either with your estate planning documents or in a place that it can be accessed by your fiduciary (power of attorney, personal representative (executor), etc.).
- Authorize your decision makers (your agent(s) named in your durable power of attorney, in the event of a lifetime illness or disability, and your personal representative (executor) named in your will to act for your estate upon your death) with the appropriate powers to access and deal with digital assets in the event of lifetime disability or death. Supplement those powers with private instructions, if applicable, as to how you more specifically wish your digital assets to be handled. For instance you may have certain personal accounts that you don’t ever want opened; be specific.
- Be aware. Familiarize yourself with terms of service agreements associated with your social media accounts. Some platforms have incorporated ways of handling a deceased’s account, others have not addressed this issue at all.
The importance of including digital assets in your estate plan cannot be overstated as Internet usage becomes more pervasive and as online accounts become even more valuable. Be sure to discuss this topic with an estate planning attorney… soon.
As Web-based engagement for business and personal reasons becomes more prevalent, the risk for a breach to your privacy and data security increases. Not a month goes by without us hearing about a privacy breach compromising people’s financial identity, and the Federal Trade Commission estimates that at least 11 million people are the victims of identity theft every single year. More and more, identity theft is happening in a virtual realm as a result of careless personal habits as it relates to data security. Every minute of the day, thousands of Americans are exposed to phishing, spyware, malware, and other types of malicious Internet activity aimed at stealing their identity to use mainly for financial fraud. It just takes one moment of carelessness to place you or your loved ones in a vulnerable position that may take years and many hours of hard work to correct.
Data security crimes are so common and so disruptive that many companies offer insurance to protect individuals from the aftermath of having their identity or other important documents stolen digitally. Protecting your online data goes beyond protecting your identity. Many people store a myriad of personal documents on the cloud and maintain ongoing conversations via text or email that may contain information that should be kept private. If you are concerned about online data safety, then take into account the following best practices to help you keep your personal and professional data from falling into the wrong hands.
According to David Perera, a journalist focused on tech and trends, much of what we are told about password security is difficult to implement and not necessarily aligned with the way we operate in our daily lives. For most of us, having a different password for each account is unrealistic, given that the average person interacts with over 100 password-secured websites. It absolutely makes sense, in theory, to have complex passwords with no association with our names, addresses, or commonly known personal information. We should also refrain from the most common and most damaging mistake of using standard passwords such as “123456” and “password.” (Take a look at this article on CBS, highlighting the 25 most popular passwords for 2013.) But how can you keep track of so many passwords while relying on memory and making sure your passwords are secure? A great alternative is to think about passwords in tiers. That is, the security level needed for each website or environment determines the type of password you are likely to use. On sensitive environments such as bank accounts or trading accounts, you may want to go all the way, and refrain from patterns or reusing common words or passwords. As for other less important websites that require a password, you can tier it by resorting to passwords that are still complex and unique, and make use of special characters that you are still able to recall.
Mobile-device use is on the rise, and with it comes the increased risk of having a data-security breach. When it comes to your mobile devices, caution and mindfulness are essential to keep your personal information safe. Let’s start with the basics. More than 50 percent of data-connected cell phone users don’t use a password on their device, making it extremely vulnerable should the device be lost or stolen. Another habit that puts your personal data at risk is having your cell phone or mobile device set to auto-connect when it finds an open wireless network. Finally, if you are engaging with a variety of websites and apps, then it is very important that you verify the authenticity of a website and make sure the portal is secure (the URL should read https instead of http). When downloading apps, carefully review the data each app wishes to have permissions for. Many apps are highly intrusive of your privacy, asking for ongoing access to all manner of communications taking place from your device, and even taking the liberty to post on your behalf on many social platforms, such as Facebook.
Free WiFi Could Prove Costly
If you are constantly on the road or in a remote office (some call it Starbucks), then you need to always be on the alert and make careful decisions when logging into networks outside your home or office. Hot spots are well known sources of cybercrime. There are several ways hackers can steal your information from a hot spot, from installing a free rogue hot spot served directly from their computer where they have full access and visibility to all your data, to using special software to see all your activity, even when you are in a “trusted” public Wi-Fi spot. If you are using a hot spot for work, then always use a layer of encryption by using a VPN. In general, public hot spots provided by companies such as AT&T are not encrypted, putting all your communications at risk.
Two-Factor Password Authentication Matters
With thousands of passwords being compromised every day by hackers and cybercriminals stealing, cracking, phishing, guessing, buying, keylogging, sniffing, and capturing, not having two-factor authentication with your most sensitive accounts is literally a crime against yourself. Two-factor authentication combines something you know with something you have, disarming anybody that attempts to access your information by having only your password but not your authentication device. Two-factor authentication can be managed by a FOB or digital token that provides the user a one-time password, or via a message sent to a mobile device. Virtual Private Network access, personal and company emails and bank accounts, as well as access to your mobile computer can benefit greatly from two-factor authentication. Many free email providers, such as Gmail, already provide free two-factor authentication via your mobile. If you have not yet activated yours, then don’t delay. Data breaches where identity is compromised ends up costing Americans an average of $365 to resolve.
Consider a Digital Safe
With so many passwords to keep, which are likely to constantly change, having a means of centralization of your most important passwords and documents is no longer a nice- to-have. Data access should not be just secure; it should also be transferable to those you trust the most when you are unable to access it, due to illness or after you pass away. A well-designed digital safe gives you the convenience of centralization, the peace of mind of transferability, and the confidence that all the documents that really matter are secured in a cloud-based environment where they are unlikely to he hacked or lost due to device failure.
Living and Dying in a Virtual World
by Greg Lastowka and Trisha Hall
A significant portion of a modern decedent’s assets may consist of ‘digital assets’ such as e-books, domain names, and online accounts. Unlike their tangible predecessors, digital assets may be difficult for executors and administrators to obtain. New laws may help facilitate access to digital assets, but it will not be simple to strike an appropriate balance between property, privacy, and contract.
Ubiquitous computing technologies are becoming increasingly enmeshed with our daily lives. Websites and other online platforms keep track of our history of communication, and they may additionally hold valuable intangible property and digital assets we have created or purchased. A quick scan of recent news stories reveals that:
- Over one billion people maintain Facebook pages.
- Over one billion people have accounts on Gmail, Hot-mail, or Yahoo!.
- Over 300 million e-books were sold by Amazon in 2012.
- Over 25 billion songs have been sold on iTunes.
- Over 50 million domain names have been registered by GoDaddy.
- Roughly 175 million tweets were posted on an average day in 2012.
- Over 70 hours of video are uploaded to YouTube’s servers every minute.
- Over 70 million people tended virtual farms in Zynga’s Farmville at the height of its popularity, some paying real money to obtain virtual assets.
While these numbers are impressive, they only scratch the surface of a vast landscape of platforms, websites, and account-based social media technologies. As a result, it is increasingly likely that decedents will possess a range of per-sonal accounts holding a range of files, documents, licenses, personal communications, and other forms of intangible property located behind password-protected login screens.
Many of today’s digital assets function in ways that seem analogous to prior forms of personal property. A decedent’s digital photography archive on Flickr (or Instagram, Smugmug, or Picasa) might serve the same purpose as an old-fashioned shoe-box. An account filled with e-books and digital music may replace the library on a set of tangible bookshelves. A blog might replace a daily journal, and a digital folder full of emails might replace a bundle of handwritten letters. Services such as PayPal and Wallet might replace traditional checking accounts. Virtual currencies like bitcoin might replace some portion of a decedent’s portfolio.
Executors and administrators of estates cannot disregard a decedent’s digital assets. In New Jersey, personal representatives of estates are duty-bound to settle and distribute an estate as “expeditiously and efficiently as is consistent with the best interests of the estate.” Moreover, personal representatives are responsible for valuing assets of the estate and paying any state and federal inheritance and estate tax that may be due on those assets. While an online photo archive may not amount to substantial value for these purposes, a decedent’s PayPal or virtual current account may. These duties certainly extend to digital assets and accounts that represent offline monetary value.
However, while executors and administrators can normally reach a decedent’s tangible personal property with relative ease, today’s digital assets are typically password-protected. Decedents may have dozens of accounts, each with its own unique login and password combination. Fiduciaries may not be aware of the existence or location of the decedent’s accounts, and even if they are aware, they may be unable to obtain access if passwords are not written down and kept up to date. Moreover, technology is continually changing, and what may be behind login and password today could be secured in other ways in the future.
Most digital content licenses have no language specifically contemplating what should occur upon the death of the original purchaser, but most licenses are generally limited to personal use. Some commentators have argued that digital content licenses should allow purchasers to transfer digital copies pursuant to copyright’s first sale doctrine, but this claim is controversial, and would seemingly contravene the express licensing terms. These terms may change in coming years, given that Apple and Amazon have sought patents on systems for transferring used digital media assets (e.g., music, videos, and books).
While digital content sellers like Apple and Amazon profit primarily from selling digital content, social media companies (such as Yahoo!, Google, Twitter, and Facebook) profit primarily from selling their user’s attention to advertisers. Social media plat forms tend to give away their services, offering users content created by other users. A fiduciary’s access to a decedent’s content on a social networking platform, therefore, entails access to interpersonal communications, and this can pose difficult privacy issues.
It may seem that a decedent’s beneficiaries should have stronger claims to digital assets the decedent produced, for example the photos, videos, songs, and writings the decedent created and uploaded to an online platform. But this is not always the case. The struggle of the parents of Justin Ellsworth is often used to illustrate the tension between contract, privacy, and property. Ellsworth was a U.S. marine who was killed in Iraq in 2004. Like many others, he had used a Yahoo! email account during his tour of duty to correspond with his friends and family in the states. Ellsworth’s parents sought access to their son’s correspondence because, among other things, Ellsworth had told his father that he planned to make a scrapbook from his letters. However, when Ellsworth’s father contacted Yahoo!, the company explained it would not allow the family access due to its terms of service and the need to protect Ellsworth’s privacy. Eventually, the parents obtained an order from a Michigan probate court directing Yahoo! to provide the family with the emails. The company complied with the order, but the family resented Yahoo’s initial refusal.
Other families of decedents have had similar struggles with email services and social networks. For instance, the parents of a 20-year-old man who had committed suicide complained of waiting a month for Facebook to remove their son’s profile picture, which showed him holding a gun to his mouth. Similar cases of non-responsive social media platforms have been reported. Yet this resistance may reflect valid concerns about current electronic privacy law.
For instance, the federal Stored Communications Act (SCA) generally prohibits any “electronic communication service” (e.g., an email service or a social network) from disclosing “the contents of a communication” to parties other than the sender or recipient, subject to certain limited exceptions. New Jersey law also has a statute, passed in 1993, that roughly mirrors the core language in the SCA.
While both statutes permit services to disclose communications with “the lawful consent of the originator or an addressee,” it is not clear that this exception should apply in all cases. A signed statement from the decedent could serve as proof the decedent intended for specific persons to obtain access to social media accounts. But in the absence of this, it is certainly possible that some decedents will want some communications to remain permanently inaccessible. Correspondents of the decedent might have similar wishes.
Recently, Google launched a new inactive account service that will allow a Google account user (which includes Gmail, YouTube, Blogger, Google+, Wallet and other services) to configure account settings to automatically terminate and delete an account or transfer its contents to a named third party after a period of inactivity and attempts to contact via text message or another email account. This will certainly help in situations where an account provider offers this type of service and the account user actually uses it, but for the near future, this will not be the case for most people.
Even when executors or administrators do have easy access to a decedent’s personal accounts (for instance, when passwords are stored on an accessible computer), there may be other legal concerns. Fiduciaries may access accounts, for instance, in ways that could technically violate New Jersey and federal law. The federal Computer Fraud and Abuse Act and the laws of New Jersey both prohibit, with civil and criminal provisions, unauthorized access to computers. While it seems unlikely a state or federal prosecutor would arrest a fiduciary for trying to obtain access to a decedent’s digital assets, there is no explicit statement in either the federal or New Jersey anti-hacking laws that expressly safeguards the legality of a fiduciary’s access to a decedent’s accounts.
A final wrinkle in the current law is the rise of so-called ‘digital estate planning’ services. There are many services today, each with its own features and designs, which offer to assist users in transferring digital assets after death. Generally, these services are not the work of estate lawyers. Their common feature is that, upon the occurrence of some event (e.g., a failure to check into the service or to reply to an email message from the service), the service pro-vides some person (often designated as a ‘beneficiary’) the ability to access specific accounts of the user. While it is not surprising that these services are increasingly popular, they are surely creating problems as well. Depending on the features of the service, for instance, the decedent’s release of accounts (especially financial accounts) to service-designated ‘digital beneficiaries’ may purport to transfer ownership in a manner that conflicts with the terms of the decedent’s will or with New Jersey’s intestacy rules. Additionally, it is not clear all these services comply with privacy, con-tract, and unauthorized access laws.
Legislation could clear up some issues. While the New Jersey Legislature has yet to address the problem of virtual estates, six other states have made efforts to date. Two states—Rhode Island and Connecticut—have passed laws providing executors and administrators have the right to obtain access to a decedent’s emails. Two other states—Idaho and Oklahoma—currently grant executors and administrators the right to “take control of, conduct, continue, or terminate any accounts of a deceased person on any social networking website, any microblogging or short message service website or any e-mail service websites.” Indiana has passed a law allowing personal representatives and conservators to access a decedent’s electronic documents. And Virginia just recently passed a law allowing the parents of deceased minors to access their accounts.
Legislation is pending in at least eight other states (Hawaii, Maryland, Massachusetts, Nebraska, New Hampshire, New York, North Dakota, and Oregon) which would generally expand fiduciary access rights along the lines of the Idaho and Oklahoma laws. The Hawaii and Massachusetts bills are especially interesting, in that they would overwrite contractual terms that opposed fiduciary access to digital assets. The Massachusetts bill would override terms of service restricting access to email, and the Hawaii bill would override contractual restrictions barring transfers of the decedent’s “digital media,” including “music, video, photographs, audiobooks, audio performances, or games.”
The greatest effort to rewrite the law of digital assets, however, is being undertaken by the Uniform Law Commission (ULC). The commissioners recently established a committee charged to “consider and make recommendations concerning the authority and powers of a fiduciary to access digital information related to a decedent’s estate or the affairs of an incapacitated individual.” The current working draft of the uniform legislation would allow executors, administrators, and personal representatives to “exercise control over the decedent’s digital property to the extent permitted under applicable law and a terms-of-service agreement.”
The current ULC committee discussion draft also innovates in several other ways. For instance, it establishes the decedent’s consent to access as a matter of law, immunizes fiduciaries from liability for acts in compliance with the new law, and provides a mechanism for “interested parties” to challenge the default fiduciary access. It seems likely that some of these provisions will be altered or replaced in later versions. The committee anticipates a final version of the proposed uniform legislation will not be ready until 2014. It would then take more time for states, like New Jersey, to decide whether to adopt the uniform law.
Therefore, for the next few years at least, the unresolved issues of intangible inheritance will remain. The emerging law of virtual estates will require diligent executors and administrators to navigate a complex set of legal and technological rules.
There might be little doubt that the web has revolutionised our each day lives, making issues like paying payments, purchasing, in addition to communications a lot simpler, and in lots of circumstances cheaper. This could be achieved with a easy click on of a button and all with out leaving the home. Yet, as many households of those that die are discovering, the web can even make issues harder.
This is a comparatively new growth that has been created by the very issues that have been meant to – and certainly do – make our lives simpler. Many folks conduct all of their monetary affairs on-line, whether or not submitting their taxes, paying money owed or managing their accounts, and any standing orders or direct debits proceed to be paid till you’re taking steps to cease them. People are rightly informed by the completely different establishments and/or web sites with which they maintain accounts to not share delicate data similar to passwords and pin numbers with anybody else.
With this in thoughts, settling your affairs generally is a large drawback for your loved ones members after your dying, as a result of they’re unable to achieve entry to your accounts, and within the absence of paper documentation are unable to find out with whom these accounts are saved. Even issues like closing down electronic mail accounts or social media profiles can be tough within the absence of the right log-in data.
The web is nice, however not but that nice
As said in Saga Legal’s exhaustive Digital Legal Guide, the ‘web just isn’t but intuitive sufficient’ to grasp that somebody has died and lots of surviving relations and mates could have skilled a heartbreaking reminder of this as Facebook implores them to want the deceased a cheerful birthday. The identical is true for on-line procuring websites till they’re now not in a position to debit a checking account that has been frozen upon the supply of a loss of life certificates.
The aforementioned Saga Digital Legal Guide advises that it’s best to deal with your digital authorized in a lot the identical manner that it’s best to deal with your Will. Many don’t pay digital data with the identical heed due to the growing nature of the legal guidelines governing web utilization, however that is maybe an excellent better cause to make sure that your family members have entry, as it can overcome such authorized ambiguities.
This could be achieved by making a safe on-line listing, which provides particulars your whole lively web accounts together with how you would like for them to be handled.