March 13, 2024
9135 / What is a digital fiduciary and how can a digital fiduciary be useful in estate planning for digital assets?
<div class="Section1"><br />
<br />
A comprehensive estate plan covering digital assets should provide for the designation and authorization of a digital fiduciary, who has the right to access and manage digital assets and accounts on behalf of the decedent. It may be the same person named as executor of the estate or someone else authorized specifically to manage the estate’s digital assets. Choosing a person familiar with modern technology can create a more efficient administration.<br />
<br />
A digital fiduciary, once chosen, must be granted sufficient legal authorization to carry out necessary functions of estate administration, including accessing and managing the user’s digital assets after the user dies.<br />
<br />
The power of attorney, will, trust, or other legal instrument document appointing the digital fiduciary should grant specific authority to access and inspect any (1) online accounts (including electronic communications and the content of electronic communications), (2) electronic devices (including computers, hard drives, and smartphones), and (3) other tangible digital storage media. In states that have not adopted the Uniform Act, these authorizations may provide an alternative when state laws do not explicitly provide such authority to a fiduciary.<br />
<br />
The authorizing document should also be cognizant of the provisions of the Computer Fraud and Abuse Act<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a> and the Stored Communications Act<a href="#_ftn2" name="_ftnref2"><sup>2</sup></a> to avoid the fiduciary’s liability and ensure the fiduciary’s access to digital assets.<br />
<br />
Finally, the effects of online service providers’ varying terms of service should be considered, as those terms may override or effectively nullify the authorization.<br />
<br />
</div><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%" /><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. 18 U.S.C. § 1030.<br />
<br />
<a href="#_ftnref2" name="_ftn2">2</a>. 18 U.S.C. §§ 2701-2712.<br />
<br />
</div>
March 13, 2024
9141 / What other considerations exist regarding digital assets in estate planning?
<div class="Section1"><br />
<br />
Here are some additional tips and suggestions regarding digital assets in estate planning:<br />
<ol><br />
<li><strong>Make as many decisions in advance at possible.</strong> The more choices a person makes about digital assets, and incorporate them into digital estate planning, the better are the chances that those wishes will be carried out after death.</li><br />
<li><strong>Legislative developments</strong>. Make sure to keep up with developments regarding state enactment of legislation regarding digital asset protection, particularly the (Revised) Uniform Fiduciary Access to Digital Assets Act.</li><br />
<li><strong>Online guides</strong>. There are a number of online information sources, including guides, worksheets, checklists, and other helpful tools for planning the disposition of digital assets after death.</li><br />
<li><strong>Eliminating any ‘skeletons’ in the closet</strong>.<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a> Questionable browser history, racy photographs, and private health conditions are just a few posthumous scandals a client might want to avoid.</li><br />
</ol><br />
</div><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%" /><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. Everplans.com, “How to Eliminate All the Skeletons in Your Closet after You Die”; <em>see also</em> Everplans.com, “Checklist: How to Identify Skeletons in Your Closet” at https://www.everplans.com/articles/checklist-how-to-identify-skeletons-in-your-closet (accessed Oct. 8, 2024).<br />
<br />
</div>
March 13, 2024
9133 / How does an online provider’s terms of service agreement impact the disposition of an individual’s digital assets?
<div class="Section1"><br />
<br />
Each online service provider has its own terms of service agreement. Depending on the terms, there may be limitations or restrictions on what a user, or a digital fiduciary, can do with respect to the user’s account after death. They can also affect how the laws, particularly the Uniform Act (<em><em>see</em></em> Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9130">9130</a> to Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9131">9131</a>) may be applied.<br />
<br />
Even if the state’s version of the Uniform Act authorizes service providers to disclose electronic communications and their contents, and the user authorizes the digital fiduciary to access those electronic communications, if the service provider’s terms of service agreement with the user contains provisions that do not permit the user to authorize another party to access the user’s data, it is the terms of service that will ultimately prevail.<br />
<br />
This illustrates the importance of checking the terms of service—preferably while the user is alive—to ensure that the service provider’s policies will permit the user’s wishes regarding account to be carried out rather than thwart those wishes.<br />
<br />
</div><br />
March 13, 2024
9128 / What are digital assets?
<div class="Section1"><br />
<br />
Generally, an individual’s digital property or digital assets include any information that exists in digital form (whether online or stored electronically on a device such as a USB drive or CD) that are either created by or about an individual. According to the Revised Uniform Fiduciary Access to Digital Assets Act (Uniform Act), now enacted in the majority of states, a digital asset is simply “an electronic record in which an individual has a right or interest,” but not the “underlying asset or liability unless the asset or liability is itself an electronic record.”<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a><br />
<br />
In more practical terms, digital assets can be categorized as either (1) personal digital assets (with no monetary value, (2) personal digital assets with real monetary value or (3) digital assets related to a business.<br />
<br />
These may be stored either on a physical device or media (such as a computer, hard drive, smartphone, memory stick, etc.) or electronically in the cloud (including email, social media, and other types of online accounts). Collectively, these make up a person’s digital estate.<br />
<p style="text-align: center;"><strong>Personal Digital Assets (Without Monetary Value)</strong></p><br />
Many personal digital assets may have no monetary value, but hold a great deal of emotional value and preserve the memories, stories, interactions, and personal information of their owner. These include:<br />
<br />
Any personal electronic files, photos, videos, commercial programs or applications, and other information stored on physical devices, such as computers, smartphones, tablets, digital cameras, hard drives, flash drives, memory cards, memory sticks, CDs, DVDs, and other digital media and devices.<br />
<br />
Email and communications accounts, including Skype, iChat, FaceTime, WhatsApp, and other instant messenger (IM) programs, as well as related conversations, recordings, and other data.<br />
<br />
Electronic information stored in a smartphone or online on a mobile phone account, including downloaded applications (apps), photos, videos, contacts, text or SMS messages, call history, and voicemail messages.<br />
<br />
Social media accounts, such as Facebook, Twitter, LinkedIn, Tumblr, Pinterest, including content and interactions made through these accounts (<em>e.g.</em>, writing, posts, feeds, comments, chats, and recordings).<br />
<br />
Photo and video storage and sharing accounts, such as YouTube, Instagram, Flickr, Picasa, and PhotoBucket.<br />
<br />
Online storage accounts, such as Dropbox, Google Drive, and OneDrive.<br />
<br />
Online gaming accounts or applications (apps), including in-game purchases, virtual property, and avatars.<br />
<br />
Personal blogs, websites, and Internet domain names.<br />
<br />
Personal information, such as medical records and legal documents (whether stored on physical media or devices, on a website, or in the cloud).<br />
<br />
Any other personal online information or accounts.<br />
<p style="text-align: center;"><strong>Personal Digital Assets With Real Monetary Value</strong></p><br />
There are also many personal digital assets that have real monetary value, including:<br />
<br />
Money-management and financial accounts, such as online banking and investment accounts, PayPal, loyalty and rewards programs, and any other accounts with credit or value.<br />
<br />
Digital (also known as virtual) currencies, such as bitcoin.<br />
<br />
Intellectual property, such as copyrighted works, registered trademarks, and computer applications or programming code.<br />
<br />
Revenue-generating assets, including websites, blogs, certain social media accounts, Internet domain names (whether live/hosted or inactive), art, photos, music, eBooks, and other digital property.<br />
<br />
Assets related to personal online sales accounts, such as an eBay seller’s account.<br />
<p style="text-align: center;"><strong>Digital Assets of a Business</strong></p><br />
Digital assets related to a business—separate from personal digital assets with monetary value—may include:<br />
<br />
Online accounts (including financial accounts) associated with a business.<br />
<br />
Online businesses and sales accounts, such as an eBay, Etsy, or Amazon store, other commercial websites.<br />
<br />
Business email accounts, mailing lists, newsletter subscription lists, or email lists containing your company’s clients.<br />
<br />
Contact information, customer history, and account information of business clients.<br />
<br />
<em><em>See</em></em> Q <a href="javascript:void(0)" class="accordion-cross-reference" id=""></a> for a discussion of the importance of estate planning for digital assets and Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9130">9130</a> to Q <a href="javascript:void(0)" class="accordion-cross-reference" id=""></a> to discuss the state and federal laws that now govern the disposition of digital assets.<br />
<br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%"><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. Uniform Law Commission (National Conference of Commissioners on Uniform State Laws), Fiduciary Access to Digital Assets Act, Revised (2015), at sec. 2(10), available at http://www.uniformlaws.org (accessed October 8, 2024).<br />
<br />
</div></div><br />
March 13, 2024
9131 / How can the Uniform Fiduciary Access to Digital Assets Act help an individual in planning for disposition of digital assets?
<div class="Section1"><br />
<br />
Section 4 of the Uniform Act provides a means for users to provide instructions for the disposition or deletion of their digital assets, and establishes a priority system when online tools, legal documents, and terms of service conflict. Section 4 of the Uniform Act addresses the relationship of online tools, legal documents recording a user’s intent, and terms-of-service agreements.<br />
<br />
A user may use an online tool to authorize or deny disclosure of some or all of the user’s digital assets, including the content of electronic communications. If the user’s wishes have been expressed using an online tool from a provider, those instructions will override a contrary instruction in a legal document (will, trust, power of attorney, or other record) or in the provider’s terms of service.<br />
<br />
If the user has not provided instructions using an online tool from the provider, or if the provider does not have an online tool for that purpose, the user’s instructions as expressed in a legal document will prevail, even if the provider’s terms of service conflict with those instructions.<br />
<br />
Finally, if the user provides no other direction, the service provider’s terms of service will apply. If the terms of service do not address fiduciary access to users’ digital assets, the default rules of the Uniform Act will apply.<br />
<br />
The default rules contained in the Uniform Act provide that a fiduciary service provider must provide a “catalogue of electronic communications sent or received by the user” and digital assets of the user, but not the content of any electronic communications.<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a> (The catalogue is a log with “information that identifies each person with which a user has had an electronic communication, the date and time of the communication, and the electronic address of the person.”<a href="#_ftn2" name="_ftnref2"><sup>2</sup></a>) This section is intended to provide default access to the catalogue of electronic communications and to other digital assets not protected by federal privacy law.<br />
<br />
In each case, however, the fiduciary must provide a copy of the relevant document to the service provider when requesting access. A service provider may comply with requests for disclosure of a deceased user’s digital assets by resetting the account’s password and permitting the fiduciary access to the account. Alternatively, the provider may provide a copy of the digital assets to the fiduciary.<a href="#_ftn3" name="_ftnref3"><sup>3</sup></a><br />
<p style="text-align: center;"><strong>Effect on Terms of Service Agreements</strong></p><br />
With respect to a service provider’s terms of service agreement, the Uniform Act “does not change or impair a right of a custodian or a user under a terms-of-service agreement to access and use digital assets of the user.”<a href="#_ftn4" name="_ftnref4"><sup>4</sup></a> In addition, “A fiduciary’s .?.?. access to digital assets may be modified or eliminated by a user, by federal law, or by a terms-of-service agreement if the user has not provided direction under Section 4.”<a href="#_ftn5" name="_ftnref5"><sup>5</sup></a><br />
<br />
</div><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%" /><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. Uniform Act § 8.<br />
<br />
<a href="#_ftnref2" name="_ftn2">2</a>. Uniform Act § 2(4).<br />
<br />
<a href="#_ftnref3" name="_ftn3">3</a>. Uniform Act § 6.<br />
<br />
<a href="#_ftnref4" name="_ftn4">4</a>. Uniform Act § 5(a).<br />
<br />
<a href="#_ftnref5" name="_ftn5">5</a>. Uniform Act § 5(c).<br />
<br />
</div>
March 13, 2024
9137 / What measures should be taken to maintain security of digital assets before and after death?
<div class="Section1"><br />
<br />
When estate planning for digital assets, it is important to maintain the security of the assets while ensuring authorized access to the digital estate after the user’s death. This may consist of asset or account information, passwords, encryption, and other security measures to maintain both security and access.<br />
<br />
(a) General considerations<br />
<p style="padding-left: 40px;">In order to balance these dual interests, the following general considerations should be kept in mind:</p><br />
<br />
<ol><br />
<li><em>Security of digital assets.</em> The digital assets themselves must be kept secure to ensure that they will be available—both to the user while alive and to whoever is authorized to deal with the assets after the user’s death.</li><br />
<li><em>Security of access information or credentials.</em> Typically, online digital accounts are secured by a password or other security features intended to ensure only the user, or someone authorized by the user, will have access to the asset and its management.</li><br />
<li><em>Accessibility when needed after death.</em> While maintaining the security of digital assets during the user’s lifetime is essential, that security is useless if no one can access the assets after the death of the user. Therefore, it is vital to make sure that someone (digital fiduciary, executor, or administrator, or other trusted person) will have the information needed to access the digital assets after death.</li><br />
<li><em>Updating the information to keep it current.</em> Passwords and other security features typically need to be updated periodically to maintain the security of the associated account. Some software, app, and online service providers require a user to change or create a new password on a regular basis (e.g., every 30, 60, or<br />
90 days). Because of the constantly changing nature of digital security measures, it is essential that the access information for a digital fiduciary be kept up to date at all times.</li><br />
</ol><br />
(b) Types of secure digital assets, access information, and digital security measures<br />
<ol><br />
<li><strong>Types of digital assets</strong>. The types of digital assets that may be protected by various types of security measures include the following:</li><br />
</ol><br />
<p style="padding-left: 40px;"><em>Digital accounts</em>, including any online accounts, operating systems, and profiles.</p><br />
<p style="padding-left: 40px;"><em>Software and apps</em> installed on a personal electronic device.</p><br />
<p style="padding-left: 40px;"><em>Protected files and folders</em> stored on a personal electronic device.</p><br />
<p style="padding-left: 40px;"><em>Encrypted hardware</em>, including computers, smartphones tablets, and other physical storage media (such as external hard drives, flash drives, and CD- or DVD-ROMs). Protected hardware may require manually recording any passwords, PINs, or other information needed to access the device.</p><br />
<br />
<ol start="2"><br />
<li><strong>Types of access information.</strong> Some or all of the following types of access information (or credentials) may be needed to ensure security and access for a user’s digital assets:</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li><em>Identification information</em>, such as the user’s unique username, user ID, logon [login] name, or account number. This may be chosen by the user or assigned by the provider, and it often consists of the user’s email address or phone number.</li><br />
<li><em>Security access information</em>, which may consist of an identifying password, passcode, passphrase, PassMark, PIN (personal identification number), security questions, two-step verification, or biometric data—or some combination of them. (These are discussed below.)</li><br />
<li><em>Additional personal information</em>, which may be the user’s email or phone number (if it is not the same as the user’s unique account ID) or other personally identifying information, such as the user’s date of birth or social security number (or part of it).</li><br />
<li><em>Social media profiles</em>, which are increasingly becoming an optional (and sometimes the only) way to create an account and access smartphone apps and websites that require registration.</li><br />
</ul><br />
</li><br />
</ul><br />
<ol start="3"><br />
<li><strong>Types of digital security measures [and credentials]</strong>. Security measures can range from simple passwords or PINs to biometric data that recognizes the user through unique physical characteristics. The main types of digital security measures are listed below:</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li><em>Passwords.</em> There are still the most common type of security feature, consisting of a string of characters (letters, numbers, and/or symbols), which often have specific requirements for validity (<em>e.g.</em>, 8 to 14 characters, with at least one capital letter, one lowercase letter, one number, and one symbol).</li><br />
<li><em>Passphrases.</em> A passphrase is a type of password that consists of a series of random words, simple phrases, or sentences that are easy to remember, but hard to hack.</li><br />
<li><em>PassMarks.</em> A PassMark is a type of enhanced security feature that typically consists of an image containing a phrase, as well as confidential challenge questions. (PassMarks are increasingly used by financial institutions to prevent fraud and identity theft.)</li><br />
<li><em>Security or challenge questions.</em> Confidential security or challenge questions are questions often chosen by a user from a list of questions (or even written by the user) that are unique and relate to personal information others would be unlikely to know. They are typically much more personalized than ‘mother’s maiden name’ or ‘city of birth.’</li><br />
<li><em>Two-step authentication.</em> Two-step (or two-factor) verification or authentication (sometimes called 2FA) is a more secure solution that requires two different methods to authenticate a user. (For example, some online accounts now require a password as well as a code sent, at the time of logon, to a smartphone as a text message, or through an app installed on the user’s phone.)</li><br />
<li><em>Biometric security.</em> These are designed to use an individual’s unique physical traits to confirm identity. They include fingerprints, facial recognition, iris scans, and voice recognition.</li><br />
</ul><br />
</li><br />
</ul><br />
(c) Keeping track of passwords and other access information or credentials<br />
<p style="padding-left: 40px;">Keeping track of multiple accounts with all the different security features and changing access to information can be a challenge. There are a number of ways to do this, though some methods are less secure and more difficult than others. The most common ways to keep track of accounts and access information are the following:</p><br />
<br />
<ol><br />
<li><strong>Password management systems.</strong> There are a number of password management systems and services (both free and commercial), which may consist of apps for smartphones or tablets, software for computers, and websites, that securely store usernames, passwords or credentials, and other sensitive information, and can automatically retrieve them and securely log into the user’s online accounts.</li><br />
</ol><br />
<p style="padding-left: 40px;">They encrypt login and password information, which is stored in a file (or vault) on the user’s own device or online. The user has a master password to unlock or decrypt the data, making it easy to retrieve and update password information. Many also can create new strong passwords to better protect the user’s accounts and have the ability to synchronize any updated information to all of the user’s authorized devices.</p><br />
<p style="padding-left: 40px;">This makes it much easier to save and manage a large number of passwords and credentials than some of the other methods discussed below. Some popular password management systems and services are LastPass, Dashlane, True Key, Sticky Password, Keeper, RoboForm, OneLogin, and PasswordBox.)<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a></p><br />
<br />
<ol start="2"><br />
<li><strong>Other methods of storing passwords and login information</strong>. There are other ways to store and keep track of account access information and credentials, though each have diminishing utility as the number of accounts and passwords a person needs seems to continue to increase. Each of the methods listed below must be manually updated whenever password or account information changes, which may not ensure that all the information is updated with current information in case of the user’s death.</li><br />
</ol><br />
<p style="padding-left: 40px;"><em>Text file or spreadsheet</em>, which lists accounts and corresponding access information. The user may want to save the list in a password-protected document.</p><br />
<p style="padding-left: 40px;"><em>Checklist used for digital assets estate planning</em>,<a href="#_ftn2" name="_ftnref2"><sup>2</sup></a> which will list the most important categories of accounts and their access information. This may be in either hard copy or electronic format.</p><br />
<p style="padding-left: 40px;"><em>Sealed envelope or safe deposit box</em>, with a hard copy list of account and access information. For added security, the information can be divided into two separate documents—one with usernames and the other with passwords. These would be kept separately, either in different locations or by different trusted individuals. This could also be used in conjunction with a password management system, to store the master password.</p><br />
<br />
<br />
<hr /><br />
<br />
<strong>Planning Point:</strong> Clients should be advised to avoid keeping passwords in a will or formal estate planning document, as these documents may be subject to public inspection or otherwise be made available to third parties. Further, relying solely on memorizing passwords comes with the risk of forgetting the passwords and provides no means of passing that information on after the user’s death. Some service providers’ terms of service (or federal or state law) may also prohibit sharing passwords with even a trusted third party. <em>Jason Carr, M.S., M.Ed.</em><br />
<br />
<hr /><br />
<br />
<br />
<br />
</div><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%" /><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. For reviews and comparisons of password managers, <em><em>see</em></em> ConsumerAffairs.com, “Compare Password Manager Reviews,” https://www.consumeraffairs.com/internet/password-managers/# (accessed October 8, 2024).<br />
<br />
<a href="#_ftnref2" name="_ftn2">2</a>. See<em><em>, e.g</em></em>., Digital Estate Information Sample Form, in Gerry W. Beyer, “Web Meets the Will: Estate Planning for Digital Assets,” NAEPC Journal of Estate and Tax Planning, vol. 42, No. 3 (Mar. 2015), pp. 28–41 (at pp. 34–37), http://www.naepc.org/journal/issue20p.pdf (accessed October 8, 2024).<br />
<br />
</div>
March 13, 2024
9139 / How are digital assets ultimately disposed of after death?
<div class="Section1"><br />
<br />
If a person has incorporated digital assets into estate planning, the disposition of the digital assets will be accomplished in accordance with the decedent’s wishes. In the process of administering the digital estate, some digital assets, such as online accounts, would have been either closed and deleted or transferred to someone else designated by the decedent. The ultimate disposition of the digital assets will include the following:<br />
<p style="padding-left: 40px;"><em>Ownership or proceeds of assets distributed or transferred.</em> Control of ownership of the assets, or the proceeds from their sale, goes to the designated beneficiaries.</p><br />
<p style="padding-left: 40px;">O<em>nline accounts archived (offline), closed, and deleted</em> for privacy reasons, because they are no longer needed, or pursuant to the wishes expressed in a digital assets estate plan.<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a></p><br />
<p style="padding-left: 40px;"><em>Data on storage devices securely deleted.</em> Computers, external hard drives, flash drives, memory cards, and similar devices holding digital assets should be securely erased or ‘wiped’ (for privacy). This may require deleting and then overwriting the data several times to ensure that it cannot be recovered.</p><br />
<p style="padding-left: 40px;"><em>Hardware sold or recycled.</em> After securely deleting any data, electronic devices memory storage items may be sold (as proceeds of the estate) or responsibly recycled.</p><br />
<p style="padding-left: 40px;"><em>Physical media destroyed and discarded.</em> Physical media such as CD- and DVD-ROMs should be destroyed (<em>e.g.</em>, by shredding) and discarded.</p><br />
<p style="padding-left: 40px;"><em>Decedent’s private or potentially embarrassing data</em> should be discretely and completely deleted or destroyed, according to the decedent’s instructions or wishes or merely for the decedent’s privacy.</p><br />
<br />
</div><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%" /><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. The terms of service for most online accounts prohibit transfer to other individuals. However, it is possible that future changes to those terms may occur, or a transfer mechanism could be created by the online service provider, by legislation, or by judicial action. In that case, the digital fiduciary would be able to transfer the accounts to beneficiaries.<br />
<br />
</div>
March 13, 2024
9130 / What uniform state laws are in place to safeguard digital assets after death? What is the Uniform Fiduciary Access to Digital Assets Act?
<div class="Section1"><br />
<br />
Until very recently, only a handful of states had enacted laws specifically to address issues surrounding digital assets. However, as people’s digital and online presence has become more widespread, the legislative framework for digital asset protection has grown. As early as 2002, a few states began individually enacting legislation in an attempt to address certain discrete issues arising out of what would become the overarching category of digital assets—starting with email account access and termination—legislation began recognizing and addressing the need to cover additional forms of digital assets that were (and are) continually growing and changing.<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a><br />
<br />
At the state level, a uniform system of dealing with digital assets has arisen relatively recently. In 2014, the National Conference of Commissioners on Uniform State Laws (Uniform Law Commission) completed drafting a proposed uniform law to address the issues surrounding digital assets. In 2015, the Conference approved and recommended for enactment its Revised Uniform Fiduciary Access to Digital Assets Act (“Uniform Act”).<a href="#_ftn2" name="_ftnref2"><sup>2</sup></a> Essentially, the Uniform Act provides the legal authority for a fiduciary to manage a user’s digital assets in accordance with the user’s estate plan, while ensuring that the user’s private electronic communications remain private, unless the user has consented to disclosure.<br />
<br />
The number of states that have enacted the Uniform Act into law has grown very quickly since the Act’s promulgation in 2015. All states have either adopted the Act or have similar legislation in place.<a href="#_ftn3" name="_ftnref3"><sup>3</sup></a> Oklahoma still uses the statute it enacted in 2010 before promulgation of the Uniform Act.<a href="#_ftn4" name="_ftnref4"><sup>4</sup></a> Delaware has enacted a statute that is a substantial equivalent to the Uniform Act.<a href="#_ftn5" name="_ftnref5"><sup>5</sup></a> A detailed listing of each state’s laws on digital assets can be found in Appendix C.<br />
<br />
The Uniform Act provides the following legal authority for fiduciaries of a user and online service providers (“custodians” under the Act) of the user’s digital assets:<br />
<ul><br />
<li><strong><em>Fiduciaries</em></strong> and other designated persons are authorized to access and manage the digital assets and electronic communications of deceased users; and</li><br />
<li><strong><em>Custodians</em> </strong>of digital assets and electronic communications are authorized to permit access or to disclose digital assets to a fiduciary or designated recipient of a user.</li><br />
</ul><br />
Although the Uniform Act addresses four different types of fiduciaries,<a href="#_ftn6" name="_ftnref6"><sup>6</sup></a> the most important for digital estate planning and administration are the executors or administrators of decedent’s estate (“personal representatives” under the Act). Fiduciaries exercise authority over digital assets under the Uniform Act only on the user’s behalf, which is distinct from other types of access to digital assets. Thus, unless family or friends of a decedent are also a user’s fiduciary, they are not covered under the Uniform Act and are instead subject to any other applicable state or federal laws (as discussed in Q <a href="javascript:void(0)" class="accordion-cross-reference" id=""></a>.)<br />
<br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%"><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. <em>See</em> Gerry W. Beyer, “Web Meets the Will: Estate Planning for Digital Assets,” NAEPC Journal of Estate and Tax Planning, vol. 42, No. 3 (Mar. 2015), pp. 28–41, at pp. 39–40.<br />
<br />
<a href="#_ftnref2" name="_ftn2">2</a>. Uniform Law Commission, <em>Fiduciary Access to Digital Assets Act, Revised (2015)</em>.<br />
<br />
<a href="#_ftnref3" name="_ftn3">3</a>. <em>See</em> Uniform Law Commission, <em>Fiduciary Access to Digital Assets Act, Revised (2015) – Enactment Status Map</em>.<br />
<br />
<a href="#_ftnref4" name="_ftn4">4</a>. Okla. Stat. § 58269, http://webserver1.lsb.state.ok.us/OK_Statutes/CompleteTitles/os58.rtf (accessed October 8, 2024). Oklahoma failed to enact a bill introduced in 2016 to adopt the Uniform Act (and, as of 2023, has yet to adopt the Uniform Act). <em><em>See</em></em> Appendix for details of the legislation.<br />
<br />
<a href="#_ftnref5" name="_ftn5">5</a>. Del. Code tit. 12, ch. 50, §§ 5001–5007, available at https://delcode.delaware.gov/title12/c050/index.html (accessed October 8, 2024).<br />
<br />
<a href="#_ftnref6" name="_ftn6">6</a>. These are: (1) personal representatives (executors or administrators) of the estates of deceased persons, (2) court-appointed conservators of the estates of protected (living) persons, (3) agents appointed by principals under powers of attorney, and (4) trustees acting on behalf of settlors (<em>i.e</em>., trustors).<br />
<br />
</div></div><br />
March 13, 2024
9138 / What measures should be taken to ensure digital assets are preserved for administration of the digital estate after death?
<div class="Section1"><br />
<br />
A digital fiduciary should be prepared to take necessary steps to ensure that digital assets of the estate will continue to be in existence throughout the period of administration, probate, or other necessary time period. A digital fiduciary should have, or make, a comprehensive inventory of digital assets and take necessary measures to ensure that the assets are preserved and not deleted or otherwise destroyed except according to the decedent’s wishes, or after they have been carried out. (<em><em>See</em></em> Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9139">9139</a> on ultimate disposition or disposal of digital assets.)<br />
<br />
Digital assets can be divided into the following categories:<br />
<p style="padding-left: 40px;">(a) Assets stored on electronic devices and tangible media (offline assets).</p><br />
<p style="padding-left: 40px;">(b) Assets stored online, including email and other electronic communications and other online digital assets.</p><br />
Each category of digital assets requires a different approach to preserving the assets after the death of the user, as discussed below. Digital assets stored on electronic devices require different measures than those stored in online accounts. Likewise, online electronic communications are subject to different rules than other online digital assets.<br />
<br />
(a) Accessing offline digital assets<br />
<br />
Some digital assets, particularly those stored on a person’s own electronic hardware devices (computers, smartphones, tablets, digital cameras, etc.) and tangible media (such as external hard drives, flash drives, CD- and DVD-ROMs), are generally within the direct control of the owner or user. A digital fiduciary should take care in the use and handling of electronic devices. Some devices, such as smartphones, can be damaged or even wiped of data after too many unsuccessful login attempts. In addition, external hard drives can be damaged by mishandling and scratches on CDs and DVDs may render any data on them unreadable. To ensure that any digital assets on physical hardware and media is preserved after death, the original items should be stored carefully in protective cases and an appropriate environment (e.g., temperature or humidity controlled). In addition, the digital fiduciary should consider copying digital data from hardware to a separate backup that is kept separately in case of damage or loss of the original source. This is especially important for potentially valuable digital assets and information.<br />
<br />
(b) Accessing online digital assets<br />
<p style="padding-left: 40px;">Unlike digital information stored on physical devices and media, information in online accounts is often out of the direct control of the user and is subject to the particular terms of each online service provider’s terms of service agreement. This means that a user must pay special attention to the terms of service and policies of the online service provider.</p><br />
<p style="padding-left: 40px;">Some providers may delete a deceased user’s account after a specified period of inactivity. In states that have adopted the Uniform Act, sections 7 and 8 set out a process for an executor or administrator of an estate to access the decedent’s electronic communications and other digital assets. However, the terms of service may have an important impact on the ease and ability of an executor or administrator to access the deceased user’s account. It is important to consult the service provider’s policies on deletion of inactive accounts and any procedures the provider has in place to access a deceased user’s account. (<em><em>See also</em></em> Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9130">9130</a> to Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9131">9131</a> above.)</p><br />
<br />
<ol><br />
<li><strong>Online email and other electronic communications</strong>. Email, social media, and other electronic communications are subject to the Uniform Act in states that have adopted it.</li><br />
</ol><br />
<p style="padding-left: 40px;">The Uniform Act (§ 2(12)) defines an <em>electronic communication</em> by reference to federal law, 18 U.S.C. § 2510(12), which defines the term very broadly as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature.” This encompasses not only email, but also social media accounts, websites, and many other things. In states that have adopted the Uniform Act, section 7 covers the disclosure of the content of a deceased user’s electronic communications.</p><br />
<br />
<ol start="2"><br />
<li><strong>Online tools</strong>. Online service providers are increasingly recognizing the need to provide tools and procedures to enable access to their account holders’ accounts after they die. Under the Section 2(16) of the Uniform Act, these tools and procedures are encompassed within the term “online tool,” which is defined as “an electronic service .?.?. that allows the user, in an agreement distinct from the terms-of-service agreement.?.?., to provide directions for disclosure or nondisclosure of digital assets to a third person.” These tools are intended to be used by users while they are alive, to make decisions about the disposition of their accounts if the user dies (or in other cases of extended inactivity). An example of such a tool is Google’s Inactive Account Manager,<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a> which allows users to decide if and when a user’s account is treated as inactive, what happens with the account’s data, and who is notified.</li><br />
</ol><br />
<p style="padding-left: 40px;">Section 4 of the Uniform Act sets out the procedure for use of an online tool to provide directions to the online service provider on disclosure of account information and content. The section also provides for substitution of authorization set out in a will, trust, or power of attorney when a user (the decedent) does not use an online tool or in the absence of an online tool.</p><br />
<br />
<ol start="3"><br />
<li><strong>Programs for accessing deceased user’s account</strong>. Some online tools are created by online service providers to deal with issues surrounding decedents’ (and others’) accounts. These are covered under the Uniform Act and a user’s instructions as expressed using an online tool will take precedence over provisions in a will, trust, or power of attorney.</li><br />
</ol><br />
<p style="padding-left: 40px;">Other programs are designed to provide access to the accounts of deceased users. For example, Microsoft has a Next of Kin Process<a href="#_ftn2" name="_ftnref2"><sup>2</sup></a> to provide access to a decedent’s account.</p><br />
<br />
<ol start="4"><br />
<li><strong>Fiduciary access</strong>. As discussed above, the fiduciary of a deceased user may access the user’s electronic communications, including the content of such communications, and other digital assets, if and to the extent authorized by the user in an online tool, a legal document such as a will, trust, or power of attorney, and the service provider’s terms of service.</li><br />
</ol><br />
<p style="padding-left: 40px;">When complying with a request to disclose digital assets, a service provider may provide full access, partial access (sufficient to perform the tasks the fiduciary is charged with), or provide “a copy in a record of any digital asset that, on the date the custodian received the request for disclosure, the user could have accessed if the user were alive and had full capacity and access to the account.”<a href="#_ftn3" name="_ftnref3"><sup>3</sup></a></p><br />
<br />
<ol start="5"><br />
<li><strong>Other online digital assets</strong>. The fiduciary of a deceased user may obtain a copy of a catalogue of electronic communications, and the user’s (noncommunication) digital assets. Section 8 of the Unified Act provides, “Unless the user prohibited disclosure of digital assets or the court directs otherwise, a custodian shall disclose to the personal representative of the estate of a deceased user a catalogue of electronic communications sent or received by the user and digital assets, other than the content of electronic communications, of the user, if the representative gives the custodian” [appropriate documentation].</li><br />
</ol><br />
(c) Importance of Terms of Service Agreements<br />
<p style="padding-left: 40px;">From an estate planning perspective, some terms of service agreement provisions are important to consider, especially when planning for a user’s incapacity or death. Each online service provider has its own terms of service and those terms change often. These terms often have restrictions on transferring the account to another person, letting another person use a password, as well as whether and how the account may be accessed after the death of the user.</p><br />
<p style="padding-left: 40px;">Some online service providers have terms of service agreement provisions that specifically state that the account and its contents are not transferable to another person, even when of the user dies. (For example, Yahoo!<a href="#_ftn4" name="_ftnref4"><sup>4</sup></a> and Apple<a href="#_ftn5" name="_ftnref5"><sup>5</sup></a> have such a provision, which means that a digital fiduciary administrator may only request the account’s deletion. Note, however, that there may be exceptions.)<a href="#_ftn6" name="_ftnref6"><sup>6</sup></a></p><br />
<p style="padding-left: 40px;">These may also complicate important tasks, such as retrieving and paying a decedent’s online bills and other important documents.</p><br />
<p style="padding-left: 40px;">Here are several questions to consider in reviewing terms of service agreements:</p><br />
<br />
<ol><br />
<li style="list-style-type: none;"><br />
<ol><br />
<li>May the user share the user’s password or let others access the user’s account?</li><br />
<li>May the user transfer the user’s account?</li><br />
<li>Does the user’s account terminate on the user’s death?</li><br />
<li>What rights to the user’s data are being assigned to the company?</li><br />
</ol><br />
</li><br />
</ol><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%"><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. <em>See</em> https://support.google.com/mail/answer/14300?hl=en (accessed October 8, 2024).<br />
<br />
<a href="#_ftnref2" name="_ftn2">2</a>. <em>See</em> https://answers.microsoft.com/en-us/outlook_com/forum/oaccount-omyinfo/my-family-member-died-recently-is-in-coma-what-do/308cedce-5444-4185-82e8-0623ecc1d3d6 (accessed October 8, 2024).<br />
<br />
<a href="#_ftnref3" name="_ftn3">3</a>. Uniform Act § 6(a)(3).<br />
<br />
<a href="#_ftnref4" name="_ftn4">4</a>. <em>See</em> Yahoo.com, Help Pages, https://help.yahoo.com/kb/SLN2021.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAC9wjkO3HluTlxJELJHPpuM7lAXG43Y0281V2y_iwhxNKoJi46QjnbXcSvzViiWHTPjEh0sCdqtj8MJvHOonXNvR3LzPS2QYAePDa8H93f6bf5goG4bejTMvg2T2fBwBprD1dyxw6k2VFDfj9fQ564JGoiIXbYrtoxGtQGtPW7fT (accessed Oct. 8, 2024).<br />
<br />
<a href="#_ftnref5" name="_ftn5">5</a>. <em>See</em> Apple.com, Discussions, https://discussions.apple.com/thread/5934153 (accessed October 8, 2024).<br />
<br />
<a href="#_ftnref6" name="_ftn6">6</a>. While Yahoo’s terms of service provide that “Neither the Yahoo account nor any of the content therein are transferable, even when the account owner is deceased,” a Yahoo spokesman said, “While we do not allow access to a decedent’s account, if an individual has lawful consent to the account’s contents, we will provide the content.” Rosalyn Retkwa, “Say you’re dead – who gets access to your online accounts?” CBS News (Oct. 31, 2016), http://www.cbsnews.com/news/say-youre-dead-who-gets-access-to-your-online-accounts/ (accessed Oct. 8, 2024).<br />
<br />
</div></div><br />
March 13, 2024
9136 / What options does an individual have with respect to disposing of digital assets after death?
<div class="Section1"><br />
<br />
The next step in formulating a digital asset estate plan is to decide what to do with the assets after death. Because there are likely personal, individual financial, and business-related accounts and information, the preferred disposition of those assets will likely vary. The owner of the digital assets should specify how each type of asset should be handled after death.<br />
<p style="text-align: center;"><strong>Personal (Nonfinancial) Information and Accounts</strong></p><br />
Digital assets of a personal nature, without real monetary value, may nevertheless be priceless to family and friends. Alternatively, there may be information that an individual wants to ensure is not preserved or passed on to family or friends. Some of the ways that such personal assets can be disposed of are discussed below.<br />
<ol><br />
<li><em>Archive and save.</em> A person may want personal assets (such as photos, emails, contact or birthday lists, and any number of other types of information) to be saved and stored or archived for future use or reference (such as genealogical records) by others, or to preserve the individual’s personal story of life. Some ways this may be done are the following:</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li>Download online account information (when available to do so) to a home, business, or mobile computer, or other mobile device, or to tangible physical media, such as CDs, DVDs, external hard drives, flash drives, and even paper printouts.</li><br />
<li>Some online providers (such as Facebook and Google) allow users to download their account information (photos, posts, messages, comments, etc.).</li><br />
<li>There are also third-party apps and software to assist in downloading one’s online account information, when the provider does not have an easy means of doing so.<a href="#_ftn1" name="_ftnref1"><sup>1</sup></a></li><br />
<li>If already stored on a home, business, or mobile computer, or other mobile device, the information can be transferred, backed-up, or archived to tangible media.</li><br />
</ul><br />
</li><br />
</ul><br />
<ol start="2"><br />
<li><em>Transfer or make available to family members, friends, or others.</em> Whether they reside on personally owned hardware or tangible media, or is stored online in the cloud, a person may wish to transfer some personal digital assets to family, friends, business colleagues, alumni groups, or others. (Some formal and informal ways to do this are described in Step 3 below.)</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li>There are also ways of memorializing a decedent to make available the person’s life story, as told through social media, photo-sharing accounts, or other personal accounts. These include Facebook’s memorial profiles of deceased users and dedicated websites set up (usually posthumously) for a similar purpose.</li><br />
</ul><br />
</li><br />
</ul><br />
<ol start="3"><br />
<li><em>For some online accounts, specify disposition using available online tools.</em> Some online providers have developed online tools that a user may use to specify what should happen to the account in the event of the user’s death or the extended inactivity on the account—for example, Google’s Inactive Account Manager. (These tools are discussed in Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9131">9131</a> above.)</li><br />
<li><em>Delete or erase.</em> Some personal digital assets and information serve no use after a person’s death (such as an Amazon wish list, an eBay buyer’s account, or smartphone apps) and may be deleted or erased.<a href="#_ftn2" name="_ftnref2"><sup>2</sup></a> There are also some personal digital assets and information that a person specifically wants <em>not</em> to be seen, read, saved, archived, or transferred to anyone else after the person’s death. These may consist of anything from sensitive medical records to racy photos. (<em><em>See</em></em> Q <a href="javascript:void(0)" class="accordion-cross-reference" id="9137">9137</a> for additional information about closed, deleted, and erased accounts.)</li><br />
</ol><br />
<p style="text-align: center;"><strong>Assets with Real or Potential Monetary Value</strong></p><br />
For digital assets with real or potential monetary value, a person will probably want to provide for their transfer or handling in a specific way, and by specific parties, after the person’s death. Here are some questions to ask when considering how to dispose of monetary digital assets:<br />
<ol><br />
<li><em>Assets with cash value.</em> For accounts with assets such as online digital currency and the like (other than ordinary banking, investment, or insurance accounts, which are typically covered under traditional estate planning):</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li>Should the account be cashed out or remain (as an investment, for instance)?</li><br />
<li>Should the account be transferred to someone else, either as owner or fiduciary, to make decisions and receive or distribute any proceeds derived from the asset?</li><br />
</ul><br />
</li><br />
</ul><br />
<ol start="2"><br />
<li><em>Revenue-generating assets</em>. For revenue-generating assets, such as commercial websites, online stores, or registered domain names:</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li>Should it be transferred to someone who will continue to manage the asset and collect or distribute the income?</li><br />
<li>Should it be closed after any remaining inventory is sold?</li><br />
<li>Should it be closed immediately?</li><br />
<li>If an asset continues to generating revenue, where, to whom, or for what purpose should the income go?</li><br />
</ul><br />
</li><br />
</ul><br />
<ol start="3"><br />
<li><em>Other assets.</em> For valuable digital assets that do not generate revenue, such as rewards, loyalty, frequent flyer, and similar programs:</li><br />
</ol><br />
<ul><br />
<li style="list-style-type: none;"><br />
<ul><br />
<li>Should any credits, points, or available cash value be redeemed, and if so, by whom and for whose benefit? (The terms of each such account should be checked to ensure that the redemption value remains after the death of the account holder.)</li><br />
</ul><br />
</li><br />
</ul><br />
<div class="refs"><br />
<br />
<hr align="left" size="1" width="33%"><br />
<br />
<a href="#_ftnref1" name="_ftn1">1</a>. For example, a service called Backupify, https://www.backupify.com/, can be used to help download content from Gmail, Facebook, Twitter, and other personal accounts (accessed October 8, 2024).<br />
<br />
<a href="#_ftnref2" name="_ftn2">2</a>. Deletion of an account may involve first closing the account—without retrieving, saving, or archiving the account information. Alternatively, many accounts will be disabled and eventually deleted after an extended period of inactivity. While a user could simply leave these types of accounts open, with the expectation that they will eventually be deleted, the more advisable course is to actively delete them in order to prevent their misuse or hijacking.<br />
<br />
</div></div><br />