As more people transact more business online each year, concerns are growing around how digital assets are managed after death. Here are some answers to three common questions about digital assets. Please keep in mind, though, that this is a developing area of law, so things are relatively unsettled and much of what is suggested below is based on practical, rather than legal, considerations. Check back to our Knowledge Base regularly for updates.
1. What are digital assets?
There is no single definition of digital assets right now. Digital assets are widely varied, but some types of commonly recognized digital assets are: photos, music and documents stored on a computer hard drive or online in Dropbox, Google Drive, iCloud, and other digital storage services; the contents of email accounts, such as the email messages themselves and attachments; software installed on a computer; online bank and investment accounts; social media accounts; bitcoins; websites; prepaid credits in online accounts; and others. This article primarily deals with online assets, as the contents of a hard drive or computer that is physically in the possession of a surviving spouse or personal representative (commonly known as an “executor”) are much easier to access without a password, so long as it is not encrypted.
2. What happens to your digital assets when you die?
Many of your digital assets will simply sit as you left them until some action is taken to terminate the account. Your online bank accounts and investment accounts, for example, should not expire without some action being taken by someone acting on behalf of your estate.
Other assets may be lost when the account requires renewal, but no one has access to agree to the renewal, or the credit card to which the renewal fee is charged is closed or expires. As an example, if you own valuable website domain names, but they are set to be manually renewed each year, if no one has access to that account (or the email account to which renewal notices are sent), those domain names may be lost, and their value along with them. Any kind of paid online account that has periodic renewal is likely to result in similar circumstances – think Dropbox.
In other cases, accounts may be terminated upon your death, due to the terms of service. For example, Yahoo’s terms of service say that it has the right permanently delete your entire yahoo.com email account up receipt of a death certificate:
No Right of Survivorship and Non-Transferability. You agree that your Yahoo account is non-transferable and any rights to your Yahoo ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.
Gmail’s terms of service, on the other hand, don’t mention death at all, so it is difficult to know with certainty what Google does in the event of an account holder’s death, although according to statements by a spokesperson, Google may delete an account after nine months of inactivity.
Some online service providers are getting with the times, though, and providing means for deciding in advance what will happen to your accounts after your death. Facebook, for example, allows you to decide whether your account will be “memorialized” or deleted upon your death. If it is memorialized (i.e., turned into a memorial for you, potentially including a way for friends to post about you), Facebook now allows the appointment of another person as a “legacy contact” to manage the memorialized page. The legacy contact is not permitted to log in to the account, though, so they can’t post in your name, but depending on the settings you choose, they may be able to download a copy of your full account, including pictures you’ve posted. Read more about Facebook’s after-death options here.
Finally, certain types of assets are likely to more-or-less evaporate upon the death of the owner, whether or not access to the account is available. For example, digital music purchased through iTunes, Amazon or Google Play is licensed to the purchaser. That is, the purchaser gets the right to use the music but doesn’t actually own the music. That means, upon the death of the license holder, the license expires. This may change over time, as the first wave of digital asset owners begins to die in larger numbers, but it will take time to develop.
3. How can I protect my digital assets after my death?
Facebook aside, digital assets can have significant value; but getting access to them can be difficult, if not impossible, for the person responsible for managing the assets of their deceased owner. Not only are security measures in place on many computers and online accounts that tend to keep others out, but current law in most states fails to differentiate between malicious unauthorized access to digital account and the type of “unauthorized” access that a surviving spouse or personal representative must achieve in order to gather a deceased individual’s digital assets.
The biggest problem is with online accounts. Even if the accounts are mentioned in a Will, giving either the named personal representative or some other person the decedent’s permission to access the account, that person’s access will likely violate the terms of service of the account, since the deceased user’s username and password must be used to access the account.
That’s where the Uniform Fiduciary Access to Digital Assets Act (“UFADAA”) comes in (by the way, “Fiduciary” refers to a personal representative of a decedent’s estate or the guardian of an incapacitated person). UFADAA was drafted by the Uniform Law Commission, a group of lawyers from across the country that has been preparing suggested laws for states to adopt since 1892. The purpose of UFADAA is to overcome the situations where an online service provider won’t give a personal representative access to an account due to the provider’s doubt about what the law allows.UFADAA does not change or override the terms of service of the online account, but once enough states have adopted UFADAA, more online service providers should begin to provide the tools to allow the appointment of a person to handle online assets after death. What Facebook has done is a starting point, but UFADAA allows service providers to grant broader account access. The Washington legislature is considering passage of UFADAA at the time of this writing. Because UFADAA is retroactive, a personal representative will be able to get access to the accounts of the decedent whose estate he/she is administering, even if the Will was executed before the passage of UFADAA by the state legislature, or if the decedent died before passage of UFADAA.
As a result, three things are critically important to protect your digital assets: 1) have a valid Will that gives your personal representative the right access to your accounts; 2) for accounts that allow it, designate someone to be given access or management; and, 3) ensure that your accounts can be found and identified as yours.
As to making sure your accounts can be found, the use of a password manager can be very helpful. If you are not familiar with password managers, you should start using one right away (read this article). Examples of well-known password managers are Lastpass and Dashlane. As the name implies, a password manager manages passwords – pretty obvious. They will also allow you to securely generate and store a complex and unique password for each of your various online accounts – no more using the same password everywhere. Most, like Lastpass (the only one I have much experience with), will also fill in your username and password when you want to log in to an online account. You just need to remember your master password. To be honest, I thought password managers seemed like a silly idea until I had too many accounts to remember all of the passwords – now I don’t know how I would function without it.
All of those features are great, but not the reason I mention password managers here. By making your password manager the central vault for all of your accounts and their associated usernames and passwords, the process of giving your surviving spouse or personal representative access is greatly simplified. Lastpass now has an “emergency access” feature that allows you to designate one or more trusted people to be given access to your Lastpass account, and therefore all of your other online accounts, in the event of your death or incapacity. You designate the person and choose how long they will have to wait after requesting access (of course, they need to be notified about being designated, too, so they know to go to Lastpass to request access); that wait time can be anywhere from no wait to 30 days. If they request access, but you are not really dead or incapacitated, you will have notification and an opportunity to block the access request (unless you chose “immediately”). Otherwise, they will be given access after the designated time has passed.
Lastpass is definitely not the only provider of such a service, so look around to find one that works best for you. For example, Securesafe.com is also a password manager but purports to allow you to leave individual digital assets to specific beneficiaries. Beware, though, that such designations are unenforceable on their own, so unless your estate planning documents include a matching list of assets and beneficiaries, the digital allocation of digital assets may not be respected by your personal representative or a probate court. These services are constantly evolving and merging with others. An indication of the pace of change in this arena is the fact that the three digital repositories listed in this 2010 article have all been merged into other businesses – one of them twice – and none of the survivors is focused solely on passing on digital assets after death.
If you are not using a password manager with an emergency access feature, you can simply store your master password in a secure, offline location accessible to your surviving spouse or personal representative – a safe deposit box or home safe are examples. Just make sure to provide for access to that secure storage spot in the event of your death or incapacity. Until UFADAA is widely adopted, and the majority of online account terms of service, a good password manager is your best bet for ensuring your digital assets are accessible to your surviving loved ones. Remember, though, access to your online accounts by your surviving spouse or personal representative will still likely violate the terms of service of the various accounts, so this type of access should be thought of as a way to salvage your valuable content, not a way to carry on with the same account in the long-term.