In the year and a half since I last wrote about planning for digital assets not much has changed in Massachusetts. Our state is still one of a handful of states that has not enacted the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), although there is a bill pending in the Massachusetts legislature that would do so. This bill would clarify the authority your appointed fiduciaries (such as your agent under your Power of Attorney, or the Personal Representative of your estate) would have to access your digital assets if you become incapacitated or pass away.
What has changed in the past year and a half is that we all continue to be more dependent upon technology, and our digital footprint increases with each passing day. We continue to use social media, online photo and document storage, and email on a daily basis, increasing the digital “assets” we have stored in these accounts. The importance of the assets stored online has also increased – perhaps this is the only place you now store vacation photos (rather than putting them in your photo album), or perhaps you only receive your bank or investment account statements online rather than in the mail. This online footprint will only continue to grow, as will the need for your estate plan to address your digital assets.
The more digital assets become mainstream, the more important it is to plan for access to these assets by others if you are not able to do so. To the extent these accounts contain information that you would like someone to be able to access after your death or incapacity, it is necessary to provide the appropriate authority for such access as well as instructions about what you want done with these “assets.” For some types of these assets, digital estate planning strategies are is crucial to prevent financial loss (i.e. the loss of a domain name used for business purposes, bill payment, access to investment account information), to protect sensitive personal information (on-line dating websites), to avoid identity theft, and to allow access to valuable assets (think bitcoin or an author’s manuscript).
Here are some tips to manage your digital assets until Massachusetts law catches up with the rest of the country and we have a clear roadmap for access for Massachusetts fiduciaries:
Review the terms of service agreements for the online accounts you use. Understand what those agreements provide about access, and if and how others can be given permission to access your account. Have a qualified estate planning attorney review these on your behalf if you have questions.
If an online entity offers a way for you to give permission or access to your digital assets stored with that company, pay attention and follow the directions. For example, Facebook allows you to designate a Legacy Contact who can manage your account after you die, or you can choose to have your account deleted if you pass away. Google allows you to control what happens to your account through their Inactive Account Manager feature. Here you can designate when your account will be considered inactive, what should happen to your Google account in that event, and designate one or more people who will have access to whatever portions of your Google account you choose.
Update your estate plan documents, specifically your Power of Attorney, Will and Trust, to ensure those documents grant express permission for the fiduciaries named in those documents to access your digital assets, and express direction regarding what should be done with specific digital assets at death. In our office, we include express permission for access in these documents.
Keep a current list of your usernames and passwords in an online password manager or recorded in another way where a trusted person can access this information if needed, and let that person know where this information is located. As a start, we provide our clients with a Digital Assets Memorandum that can be used to record access information and instructions about digital assets.
Keep in mind that if you have not used an online entity’s prescribed method of giving someone permission to access your account, and do not have express permission and direction in your estate plan documents, the company’s Terms of Service Agreement will govern. In such a case, you and your digital assets are at the mercy of the online provider, which may not allow access following your death or incapacity. Don’t fail your loved ones with poor digital legacy planning.
A friend recently told me of the challenge she faced sorting through her aging parents’ belongings to prepare their home for sale.
Her father had died years ago and her 94-year-old mother had been living in an assisted-care facility for more than a year. Most of the items of sentimental or personal value had already been distributed to her siblings. What remained were her parents’ personal archives — letters, photos, employment/financial/legal/health records, all tangible, physical objects that, once gone, would be gone forever.
In the internet age, personal archives are no longer limited to the tangible. In fact, much of one’s personal archives is now digital — emails, texts, photos, videos and social media accounts. And there’s a lot more content generated and stored than ever before. Some is saved on personal storage space, such as a computer hard drive. Other material lives in the cloud in services like Facebook, Google Mail and YouTube. In most cases, that content is protected by some kind of password.
So what becomes of all of that information when someone dies? Does it remain online forever? Can it be altered, deleted or downloaded, and if so, by whom? And how do these digital artifacts represent your life and legacy?
These questions inspired Evan Carroll and John Romano to create the website thedigitalbeyond.com to address these needs and concerns. Together they wrote the book “Your Digital Afterlife” in 2011. Since that time an entire industry has emerged to help people plan for managing their digital legacy. Thedigitalbeyond.com lists dozens of such online services. Some are free while others are fee-based.
Knotifyme.com, for example, “answers the question, ‘What happens to all my online accounts if I get amnesia, Alzheimer’s or if I leave from this world?’ With knotify.me you set future notifications to be sent to your family and beloved people or to yourself, ensuring that nothing of your digital life will be wasted (and) transfers your online property/heritage (urls, domain names, e-mail & social network accounts, etc.) to whomever you wish to continue it in the future!” You can sign up for this free service through your Facebook, Twitter or Google accounts. In short, according to its tagline, Knotifyme.com “manages your digital heritage.”
To address financial matters, consider Legacyarmour.com, which describes itself as “a secure asset protection platform where you organize your important information in encrypted vaults, and …. automatically deliver it to your designated recipients on a scheduled date, or in case of your death or incapacitation.” It is a fee-based membership service with different levels of coverage and prices depending on what you want.
The rapid growth of the web has outpaced the law in the realm of the digital afterlife. It wasn’t until 2015 that the Uniform Law Commission, a nongovernment organization, created the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA). It has since been adopted by 40 states and been introduced in five more this year. As its name suggests, RUFADAA “allows fiduciaries to manage digital property like computer files, web domains, and virtual currency, but restricts a fiduciary’s access to electronic communications such as email, text messages, and social media accounts unless the original user consented in a will, trust, power of attorney, or other record.”
Some online services have their own policies for providing access to a person’s account after he or she dies. Facebook allows users to designate a “Legacy Contact” who is legally permitted to enter someone’s account to post, respond to friend requests, and update profile and cover photos. The Legacy Contact may also be given the power to download an archive of the photos, posts and profile information in that account. Facebook users can also simply opt to have their account permanently deleted after their death. Google offers an Inactive Account Manager feature that allows users to share parts of their account data or notify someone if they’ve been inactive for a certain period of time.
One important and often repeated piece of advice is to never put usernames and passwords for any online accounts in your will, as it becomes a public record once it is entered into a probate court file.
It is never too soon to start estate planning, whether it be for tangible assets or digital ones. It may be well worth your time to investigate the policy options of your online account services and perhaps even avail yourself of some of the many digital afterlife services available today.
The Revised Uniform Fiduciary Access to Digital Assets Act, which became effective in Minnesota earlier this year, has largely resolved the Catch-22 that faces trustees and estate administrators by creating a workable framework for disposing of digital assets after death. Attorneys who do estate planning work should familiarize themselves and their clients with its terms.
Cloud computing has made our lives much easier, but it has made our deaths more complex. Increasingly, our most significant physical possessions are taking on digital form. Photographs, letters, bank statements, even currency itself—these are just a few of the things that were known to us primarily as physical objects less than a generation ago, but which many of us now store digitally.
The “digital assets” that people own today include those that have physical analogs (for instance, letters and music) as well as those that do not (for instance, social media accounts). If such assets were held in the physical possession of a deceased person—on a computer, flash drive, or other device—they could be distributed in much the same manner as tangible property. Frequently, however, a decedent’s digital assets are maintained on the servers of a third party such as Facebook, Google, or an online bank. Until recently, this situation placed estate administrators in a troubling limbo. On the one hand, they have an obligation to gather and manage all of a decedent’s assets. On the other, they face imposing obstacles to accessing digital assets, including restrictive terms-of-service agreements and federal anti-hacking statutes.
Digital assets have risen to prominence in our culture so quickly that legislatures are only now stepping in to clarify things. This past August, the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) became effective in Minnesota and is codified as Minnesota Statutes §521A.01, et seq. (2016). As of July, 17 other states had passed versions of RUFADAA, and 13 others had introduced it in their legislatures. The act has largely resolved the Catch-22 that faces estate administrators by creating a workable framework for disposing of digital assets after death. As such, it is worthwhile for Minnesota lawyers to understand the basics of the statute, and also to understand basic best practices that their clients should implement in order to take advantage of its protections.
Overview of RUFADAA
The purpose of RUFADAA is straightforward. As its drafters at the Uniform Law Commission (ULC) put it, the act “gives Internet users the power to plan for the management and disposition of their digital assets in a similar way as they can make plans for their tangible property.”1
Arriving at the statutory language that achieves this objective was a far less simple matter. Before RUFADAA, there was UFADAA, the original Uniform Fiduciary Access to Digital Assets Act. Like RUFADAA, UFADAA attempted to resolve the difficulties facing executors, estate administrators, and others (RUFADAA uses the umbrella term “fiduciaries”) in accessing and distributing digital assets. The approach that UFADAA took to the issue was a simple one. It merely stated that existing law applicable to fiduciaries—which authorizes them to stand in the shoes of a deceased person for purposes of recovering his or her tangible property—also applied when fiduciaries sought access to digital assets.
While it had the benefit of simplicity, the approach proved disagreeable to technology companies. Those companies, which maintain user accounts containing digital assets and include the likes of Apple and Yahoo, are known as “custodians” under RUFADAA. Numerous custodians joined in a successful campaign against UFADAA, arguing among other things that the law, in giving fiduciaries access to the contents of email messages and other personal documents of the decedent, violated their users’ privacy. They also argued that UFADAA simply placed them, as opposed to fiduciaries, between a rock and a hard place, legally speaking. They pointed to a 1980s-era federal statute, the Stored Communications Act (SCA), which arguably prohibits custodians from turning over a user’s account to a third party. (The statute provides a “lawful consent” exception, but does not speak to the issue of whether a fiduciary, by virtue of its position alone, has such consent.) Custodians claimed that the UFADAA would require them to violate the SCA.
The tech industry drafted competing legislation, known as the Privacy Expectation Afterlife and Choices Act (PEAC). PEAC, however, had its own limitations, including a limited scope—it included email communications, for instance, but not other digital assets like cloud-stored files and blogs—and the burdensome need to obtain a court order formally authorizing a fiduciary to access a decedent’s digital property.
Ultimately, custodians and the Uniform Law Commission agreed to the approach embodied in RUFADAA, which takes account of the tech industry’s objections to the original legislation. Specifically, it limits a fiduciary’s access to the substance of certain digital content, unless the decedent affirmatively authorized it. In describing RUFADAA, the ULC states:
This act extends the traditional power of a fiduciary to manage tangible property to include management of a person’s digital assets. The act allows fiduciaries to manage digital property like computer files, web domains, and virtual currency, but restricts a fiduciary’s access to electronic communications such as email, text messages, and social media accounts unless the original user consented in a will, trust, power of attorney, or other record.2
While RUFADAA is more complex than its predecessor, it is clear enough. Under RUFADAA, the extent to which a fiduciary can access the digital assets of a decedent is dictated by one of several sets of terms, in descending order of authority.
Online tool: Under RUFADAA, custodians can create an “online tool,” separate from their terms of service, through which users can determine the extent to which their digital assets are revealed to third parties, including fiduciaries. (On Facebook, the online tool is known as Facebook Legacy Contact.) If a user has provided direction through the online tool, it will supersede conflicting directives, including those in a will.3
Will, trust, or power of attorney: The user can authorize access to his or her assets after death through a will or trust and, during his or her lifetime, through a power of attorney.4
Terms of service: If the user has not provided direction, the custodian’s terms of service apply.
RUFADAA default rules: If the terms of service do not cover the issue, RUFADAA’s default rules apply. Those default rules recognize multiple types of digital assets. For certain digital assets, like virtual currency, RUFADAA gives fiduciaries unrestricted access. For electronic communications, however, the statute does not provide fiduciaries access; instead, it allows them to access a “catalog” of communications consisting of metadata such as the addresses of the sender and recipient, as well as the date and the time the message was received.
For all actions taken in good faith under RUFADAA, custodians receive the legal protection of immunity.5
Users should consider availing themselves of the online tool option whenever it’s offered, and in certain instances it will make sense to exercise that option. Of course, online tools only apply to the individual sites on which they appear. Users can secure blanket protection for themselves by including digital assets in their estate planning documents. They should include language identifying the fiduciary and the extent of access that he or she should be given to the user’s digital assets. (The documents should also make it clear that the provisions should be considered lawful consent under the Stored Communications Act and other relevant statutes.)
In conjunction with this estate planning, users should maintain an updated inventory of their digital assets, including accounts and passwords. They should be careful about revealing that inventory to third parties, however, as it presents a possible claim of a violation of the Computer Fraud and Abuse Act, in the event that a site’s terms of service prevent password sharing with third parties, as some do.
Lawyers will want to become familiar with the terms of service of various sites—especially those in which their clients hold significant digital assets. Yahoo’s terms of service, for instance, indicate that “any rights to your Yahoo ID or contents within your account terminate upon your death,” raising uncertainty over the extent to which a fiduciary could access them.6
Finally, lawyers should be aware of the choice-of-law provisions in various terms of service. Many point to California, where RUFADAA took effect at the end of September. If the terms select the law of a state where RUFADAA does not govern, however, there will be an argument that the fiduciary is back in the dreaded state of limbo.
While the digital revolution has introduced great convenience into our lives, it has also introduced great complexity into estate administration. By passing versions of RUFADAA, Minnesota and other states have mitigated some of that complexity and confusion. To secure the advantages offered by that statute, however, lawyers and their clients must actively make plans now for the disposition of their digital assets after death.
STEVEN ORLOFF is a partner in Robins Kaplan’s Estate and Trust practice group.
Who will have authority to access or manage your digital assets after you die? Arizona, like many other states, recently passed the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), which may help your executor (called a “personal representative” in Arizona) gain legal and practical access to some of your digital assets. However, under RUFADAA your personal representative’s access may be narrow, it won’t be easy to get, and for some digital assets, you will have to provide your explicit permission.
All of this means that if you want your personal representative to have access to your digital assets (or if you want to keep your digital assets private), you need to plan ahead.
“Digital assets” are any digital record that you own or have control over. This includes email accounts, blogs, social media accounts, financial accounts, digital files (music, photos, movies), apps, or any other online or digital account or file. Your access to these accounts or files is usually limited by the “terms of service agreement” (TOSA) that you agreed to when creating an account or buying or licensing a product online. TOSAs usually dictate what happens to your account when you die.
RUFADDA distinguishes “electronic communications” as a type of digital assets that requires stronger privacy protections. Electronic communications are communications between private parties via email, text messages, instant messages, or other private service. A communication sent to a limited group of people would be subject to the stronger protections, but public communication would not. Under RUFADAA, you must give explicit permission for your personal representative to have access to your electronic communications.
Here are three reasons to care about what will happen to your digital assets after you die.
Your online presence will continue after your death. If nobody manages your digital assets after you die, most accounts and files will just remain untouched until the company that manages them terminates the account.
You may have wishes about what happens to your digital assets after your death. Consider your email accounts, photos stored online, social media accounts, merchant accounts, financial accounts, subscriptions, and other digital assets. Do you want to have a say about what happens to them? Would your friends and family like to have your photos? Should your blog be transferred to another writer? Will your personal representative know how to access income you’ve earned online? Do you want certain email accounts deleted so that no one can see them? If you have any post-mortem wishes for any of your online accounts or files, you need to make a plan.
Your personal representative will need access to your digital assets after your death. As a practical matter, the person who wraps up your estate will almost certainly need access to some of your digital assets. He or she will need to get information about bank accounts, get contacts out of your email account, notify your online communities about your death, close your social media accounts, pay final bills, or many other tasks. Without a plan—including express permission to access your digital assets, information about how to access your digital assets, and detailed instructions about what to do with them, it will be much more difficult for your personal representative to wrap up your affairs. Read more about Why Your Personal Representative Needs Access to Your Digital Assets.
You can address each of these issues by making a plan for your digital assets.
A Personal Representative’s Access to Digital Assets in Arizona
In Arizona, your personal representative’s ability to access your digital assets depends in part on whether you’ve made a plan.
If You Don’t Make a Plan for your Digital Assets
If you don’t make a plan giving permission for someone to access your digital assets, your personal representative can still ask for access under RUFADAA. But the process will be difficult with no guarantee of success.
Under RUFADAA, your personal representative will have to make a formal written request (including a certified death certificate) to the “custodian” for each asset that he or she wants to access. The custodian is the company that owns or controls the account or file.
The custodian may also ask for:
an affidavit (or a court order) stating that disclosure of the digital assets are reasonably necessary, and
evidence (or a court order) linking you to the account.
Each of these requests will take time and will likely be met with resistance from the custodians—both because it costs them time and money to fulfill such requests, and also because they need to carefully comply with privacy laws.
RUFADAA also gives custodians leeway to:
Charge a fee for supplying the disclosures.
Refuse to comply if they claim (to the probate court) that complying with the request would be too much of a burden.
Limit the disclosure to only those digital assets that are directly related to wrapping up your estate.
Restrict access per the terms of service agreement – often this means that the custodian has the right (but no obligation) to terminate and delete your account when you die.
Further, RUFADAA requires explicit permission (either through the custodian’s online tool or your will) to grant access to your “electronic communications.” This means that if you did not give your custodian explicit permission to access your electronic communications (see definition above), your custodian cannot grant a request to disclose the content of your personal email, non-public tweets, or any other private communication. However, they are permitted—even without explicit permission—to provide a “catalog” (not content) of such communications.
In sum, if you do not make a plan giving your personal representative authority to access your digital assets, it will be very difficult for your personal representative to get access to your digital assets using RUFADAA.
That said, it won’t be impossible—so, if you don’t want your personal representative to access your digital assets, not making a plan gives you no assurance that your digital assets will remain private. Whether or not you want your personal representative to have access to your digital assets, planning ahead is the best way to have your wishes met.
If You Make a Plan for Your Digital Assets
Leaving a plan for your digital assets makes it much more likely that your personal representative will be able to access your accounts and files, and it also gives you a chance to give instructions to your personal representative about how to access them and what to do with them.
In your will, you can give your personal representative a range of permission—from very broad permission to restrictive permission that limits which accounts or files your personal representative can access. (See below.)
Importantly, if you give your personal representative permission to access your digital assets, this permission trumps the custodian’s terms of service agreement (TOSA). This alone will make your personal representative’s job easier because the custodian won’t be able to block requests for access based on the TOSA.
However even with explicit permission, if your personal representative must ask the custodian for access using RUFADAA, the law requires him or her to go through the difficult and uncertain process described above. In other words, while giving explicit permission to your personal representative is an important step, it is no guarantee that your permission will result in your personal representative actually getting the access you want him or her to have.
One way around this problem is to provide your personal representative information about how to access your files and accounts. This way, your personal representative can access your digital assets immediately and without hassle. See below.
How to Leave Instructions About Your Digital Assets
If you want your personal representative to have access to your digital assets, then you need to make a plan. If you don’t want your personal representative to have access to your digital assets, then you also need to make a plan.
If You Want to Give Permission
The only way to be sure that anyone will be able to get into your accounts after you die is to very clearly leave instructions and access information for the person who will be wrapping up your affairs. Leave a list of your accounts with user names and passwords and explain what you want done with each one. That way, your personal representative won’t have to go through the RUFADAA process for each custodian. Instead, he or she will be able to immediately access your accounts.
Leave this information in a letter to be found after you die. Just keep the letter in a secure place, make sure that your personal representative knows where to find it, and remember to keep it up to date.
If You Want to Restrict Access
If you don’t want your personal representative to have access to your digital assets, or if there are certain assets you want to keep private, make this clear in your will and in your instructional letter. Without a clear directive, your personal representative may claim that he or she needs access to your digital assets in order to wrap up your estate.
You can strengthen the difficulty of accessing certain accounts by making your account names and passwords difficult to guess, so that even someone who knows you well would be stumped. If you want to further ensure your privacy after your death, see a lawyer for help. An attorney may be able to craft a provision for your will that explicitly prohibits your personal representative from accessing certain assets. Or the attorney could help you set up a trust that appoints a trusted person to guard the assets on your behalf.
Keep an Eye on This Issue
This is a new and changing area of the probate law. And although the letter of the law is now settled in Arizona (RUFADAA), the practical mechanics and processes for getting or restricting access to digital assets are not. For example, will custodians willingly comply with standard requests for access, or will they do everything they can to avoid compliance? Will access to digital assets under RUFADAA be broad enough for personal representatives to get what they need to wrap up estates? Or will more protections be required to ensure that personal representatives don’t take advantage of their access? It may take a few years for the practical aspects of this law to settle out.
Today, no estate or disability planning is complete without providing for your “digital assets.” Even if you’ve never considered the notion of digital assets, you almost certainly possess them. Inadequate digital asset planning can frustrate the administration of your estate, lead to identity theft, and cause the loss of valued possessions. Have you ever wondered what happens to your Facebook profile or your vast iTunes library when you die? Can your personal representative compel access to your email or E-Trade accounts if
knowledge of the passwords dies
More and more of our daily tasks–not to mention assets with sentimental and/or financial value–are going digital. Broadly defined, a “digital asset” is any electronic record stored on, and retrievable from, an electronic device. This includes email accounts, online banking accounts, social media profiles; photographs, writings or other intellectual property stored on a hard drive or in the cloud; entertainment media purchased from iTunes or similar online marketplaces and websites and domain names. Digital assets can reside on your computer, cell phone, tablet, external hard drive or on the internet.
Upon death or disability, a will or power of attorney typically appoints a fiduciary (e.g., a “personal representative”) to attend to your assets and affairs. Such fiduciaries are tasked with accessing, managing, and transferring your assets–tasks that become considerably more difficult when the extent of, and passwords for, digital assets are unknown.
Providing fiduciaries with a periodically updated inventory of digital assets and related passwords, as well as with instructions regarding their management, termination, or disposition, has become a crucial part of modern estate planning. Assets may otherwise be lost, and personally identifiable information may float in cyberspace indefinitely, waiting to be co-opted by
Such proactive approaches, however, are not always the end of the story. Various federal privacy and anti-hacking laws, and end-user agreements with online service providers, can create roadblocks for even a duly authorized fiduciary to legally access a decedent’s account. Google and Yahoo! for instance have been known to require separate legal proceedings before providing fiduciary access. Aside from the access question, end-user agreements also can raise questions about the ultimate ownership — and thus transferability — of digital assets.
These agreements may contain language that hosted content becomes property of the online custodian, or that media “purchased” online is actually merely licensed by a user until death. Review of end-user agreements, which are often assented to without a second thought, has also thus become an
important part of digital asset planning.
In March, Oregon became the first state to adopt the Revised Uniform Fiduciary Access to Digital Accounts Act (“RUFADAA”), effective January 1, 2017. RUFADAA now provides a mechanism by which fiduciaries under a will, trust, power of attorney, or conservatorship can compel access to, or the termination of, digital accounts pursuant to a statutorily defined process. RUFADAA also provides fiduciaries with legal cover from various computer-related laws that arguably prevented such access. RUFADAA gives discretion to online custodians to limit access to only such portions of accounts necessary to discharge a fiduciary’s obligations and allows custodians to impose a “reasonable administrative charge” for such access. RUFADAA imposes strict legal duties upon fiduciaries, and legal counsel should be consulted when seeking access under the new act.
RUFADAA will generally apply when fiduciary authority to access digital accounts has been explicitly granted under the relevant instrument (e.g., a will). Now is a good time to ensure that your testamentary documents, general power of attorney, and estate planning generally, adequately addresses your digital assets.
Adam Anderson is an estate planning attorney at Jordan Ramis PC. He can be contacted at 541-550-7900