9137 / What measures should be taken to maintain security of digital assets before and after death?

When estate planning for digital assets, it is important to maintain the security of the assets while ensuring authorized access to the digital estate after the user’s death. This may consist of asset or account information, passwords, encryption, and other security measures to maintain both security and access.

(a) General considerations

In order to balance these dual interests, the following general considerations should be kept in mind:

1. Security of digital assets. The digital assets themselves must be kept secure to ensure that they will be available—both to the user while alive and to whoever is authorized to deal with the assets after the user’s death.
2. Security of access information or credentials. Typically, online digital accounts are secured by a password or other security features intended to ensure only the user, or someone authorized by the user, will have access to the asset and its management.
3. Accessibility when needed after death. While maintaining the security of digital assets during the user’s lifetime is essential, that security is useless if no one can access the assets after the death of the user. Therefore, it is vital to make sure that someone (digital fiduciary, executor, or administrator, or other trusted person) will have the information needed to access the digital assets after death.
4. Updating the information to keep it current. Passwords and other security features typically need to be updated periodically to maintain the security of the associated account. Some software, app, and online service providers require a user to change or create a new password on a regular basis (e.g., every 30, 60, or 90 days). Because of the constantly changing nature of digital security measures, it is essential that the access information for a digital fiduciary be kept up to date at all times.

(b) Types of secure digital assets, access information, and digital security measures