Journal of Financial Planning: December 2014
Digital assets have made headlines this year in the financial planning world as planners are starting to see the impact that online accounts and digital assets can have on a family during estate administration. Financial planners are not the only ones who have begun to take notice of the complexities involved surrounding online accounts and death. As a result, 2014 brought with it the approval of the Uniform Fiduciary Access to Digital Assets Act (UFADAA or “the Act” or “Uniform Act”) by the Uniform Law Commission (ULC). We also saw the first state—Delaware—pass the Act.
What’s the Impact of the Approved Legislation?
The UFADAA allows a third party legal access to an account holder's digital assets so the fiduciary will be able to perform legally required duties. The Act is directed toward specific parties acting in a fiduciary capacity: personal representatives of a decedent’s estate, conservators for protected persons, agents acting pursuant to a power of attorney, and trustees. The Act gives those fiduciaries the power to access and control those digital assets in order to fulfill their fiduciary duties.
Why Is The Act Needed?
Currently, many terms of use agreements with Internet service providers strictly limit access to the account holder. For example, Yahoo’s user agreement states:
No right of survivorship and non-transferability. You agree that your Yahoo account is non-transferable and any rights to your Yahoo ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.1
These terms of use are legally binding agreements between the service provider and the account holder. Currently, when an account holder passes away, the executor administering his or her estate does not have any legal authority to overstep these restrictions without going through the arduous process of obtaining a court order, which is time consuming, expensive, and not always successful. If a fiduciary was able to find a password and access the account, the fiduciary could face significant fines and even jail time for more egregious violations due to current electronic privacy and anti-hacking laws, including the Electronic Communications Privacy Act (ECPA), and the Computer Fraud and Abuse Act (CFAA).
What Are Digital Assets?
The Act defines a digital asset as an “electronic record” and further defines a “record” as “information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.”2
Common examples of digital assets are emails, text messages, digital photos, online financial account information, online passwords, and digital video and music files. This list is not exhaustive and will continue to expand as technology, and our reliance on it, grows.
The Act’s definition of a digital asset clarifies that the underlying asset or liability pertaining to the electronic record must also be an electronic record if it is to be covered by the Act.
An online brokerage account might provide a pertinent example of where an electronic record is separated from its underlying asset that is not an electronic record. Imagine a personal online brokerage account that provides information on an individual’s asset holdings. The data that exists in the online brokerage account detailing the stock holdings would be considered an electronic record. However, the underlying asset would be the ownership interest in the corporation represented by the stock holding. In that example, the Act would give authority over the electronic records pertaining to the stock ownership, but it would not extend so far as to give control over the actual company ownership represented by the stock.3
Pictures saved in an online Dropbox account provide an example of where the underlying assets themselves would be considered electronic records. The information contained in the Dropbox account, which includes the catalog and descriptions of pictures stored in various folders, is considered an electronic record and therefore a digital asset. The digital photos to which that information pertains would be the underlying assets. Therefore, the catalog and description information and the digital photos would be covered under the Act, beause they fit the definition of electronic records.
Limitation of the Act
The Act is limited in that it only gives fiduciaries legal authority over the digital assets while performing their fiduciary duties. An agent under a power of attorney would be prohibited from using a principal’s Facebook page to advertise a side business of the agent or to use the principal's MP3 collection to start a DJ business (which would more than likely violate copyright laws as well).
The Act also specifically limits the power granted to a fiduciary so that the fiduciary is not given more authority over a digital asset than the account holder would have had over the asset him or herself. For example, an executor who takes over the email account pursuant to the administration of a decedent’s estate is still subject to the terms of use agreement of the service provider. The fiduciary could not begin to use the email account to send out spam messages or perform other acts that would be a violation of those terms if the account holder had done those things himself.
Interplay of Existing Law
It is important to note that the UFADAA is not a free-standing, self-contained body of law. It overlays existing federal privacy laws and contains carve-outs based on other state-specific laws and definitions that may be in existence now or be enacted in the future.
It is critical for fiduciaries to understand how the UFADAA will dovetail with existing federal laws and other laws specific to their jurisdiction.
For example, the Electronic Communications Privacy Act (ECPA) is a federal law that governs privacy of the content of electronic communications. The UFADAA, while providing the fiduciary access to email accounts, might not provide a fiduciary the authority to disclose certain contents contained in an email or other digital communication, as that content may remain protected under provisions of the ECPA.4
A state law carve-out is contained in the portion of the Act that applies to a conservator’s authority. It illustrates that the authority given by the Act is not necessarily automatic. Section 5 of the Act requires that a court include a specific grant of authority over digital assets in the court’s order to a conservator before the conservator is allowed to access a ward’s digital assets.5
Current State-Specific Legislation
Delaware’s bill, the Fiduciary Access to Digital Assets and Digital Accounts Act, was signed by the governor on August 12, 2014, after both the Delaware House and Senate passed the legislation on June 30. This was prior to the ULC approving the final version of the legislation on July 16, 2014. Nonetheless, Delaware’s law contains a lot of provisions similar to previous versions of the Uniform Fiduciary Access to Digital Assets Act.
Many other states are lining up to pass this legislation, or something very similar. We will not know until January which states introduce the legislation, and it will take some time before states actually vote on it, but 2015 should be a very interesting year for the advancement of digital asset legislation.
Seven states already have legislation on digital assets in place. Connecticut, Indiana, Rhode Island, Oklahoma, Idaho, Virginia, and Nevada passed legislation governing digital assets prior to 2014. These laws vary in depth from the very basic to fairly comprehensive—mainly depending on when the law was passed.
Connecticut (signed into law in 2005) provides the executor or administrator access to or copies of the contents of a decedent’s email account.
Indiana (signed into law in 2007) provides the personal representative of a decedent, who was a resident of Indiana at the time of their death, access to or copies of information of the deceased by the company (i.e., custodian). Indiana’s legislation also mandates that a custodian cannot destroy electronically stored information for two years after they receive a request.
Rhode Island (signed into law in 2007) has legislation that is very similar to that of Connecticut. It provides the executor or administrator access to or copies of the contents of a decedent’s email account.
Oklahoma (signed into law in 2010) provides an executor or administrator the power to take control of, conduct, continue, or terminate any accounts of a deceased person on any social networking website, any microblogging or short message service website, or any email service website.
Idaho (signed into law in 2011) has legislation that is very similar in scope to the Oklahoma legislation.
Virginia (signed into law in 2013) provides that a “personal representative of a deceased minor who was domiciled in the Commonwealth at the time of his death may assume the deceased minor’s terms of service agreement for a digital account.”
Nevada (signed into law in 2013) provides the personal representative with the power to terminate a digital account.
These seven states will likely want—and really need—to consider passing a more comprehensive law such as the Uniform Fiduciary Access to Digital Assets Act. Although these state-specific bills were a good starting point (and Connecticut was a trailblazer passing legislation almost a decade before the ULC approved its Act) it is clear that there is a gulf between the ULC-approved Act and the legislation on the books in these states.
First, all of these bills simply address the personal representative, while the Uniform Act addresses the personal representative, trustee, power of attorney, and the conservatorship. However, you can also see that each bill primarily addresses a sliver of what is ideal, while the Uniform Act provides the ability for the named fiduciary to essentially become the digital account holder. This is a big difference in the flexibility that the fiduciary will have in order to appropriately close the accounts while preserving any data the user may have wanted loved ones or friends to keep.
What’s the Impact to Consumers and Financial Planners?
Until more states actually pass the Act, the immediate impact is rather small. However, there is momentum in this area in legislative chambers across the country. An interesting development is that Yahoo has already come out against the Delaware Act, claiming it is a violation of privacy. This argument has been used before, and it is a concern for two reasons: (1) the argument could be accepted by politicians and the progress of the legislation stalls; and (2) the states that do pass the legislation could see a legal challenge ahead.
This also starts to open up a prime opportunity for financial planners to provide insight to clients about what is important for them to keep in mind about their digital accounts. There are at least five parts of a checklist that clients should consider when thinking about their digital accounts:
Write down the name/website of every online account. This provides loved ones with a list of all the websites the client knows those loved ones may need to access to gather important information.
Document usernames and passwords. This step may be as simple as documenting the one password manager that clients use (e.g., LastPass). Nonetheless, this can save families a lot of headaches if they live in a state that hasn’t passed the Uniform Act.
Write down the email address associated with the account. In the event the password has been reset since the last time the password was documented, alerting loved ones of the associated email account will provide the family with a potentially easier means to retrieve the password.
Document what information each website contains and whether or not it is a priority. This step has the ability to save the family lots of time and anxiety as they figure out what is essential information and why.
Talk with their estate attorney about the appropriate way to document this in their legal documents. This obvious step simply coordinates the clients’ estate documents with laws in their state—or with future laws that may be passed.
Conclusion
The financial planning profession is unique in that it has primarily grown up with the baby boomers. We’ve helped them every step of the way, from IRAs and life insurance in the 80s, 529 plans and stock options in the 90s, and second homes, estate documents, and long-term care insurance in the 2000s.
Now, as more of our clients are aging, it’s also the simple step of helping them transition things to their families. Digital assets and accounts are an important piece of that transition. These accounts pay bills, store precious memories, allow old friends to share childhood stories, and provide many other benefits to our clients. Staying up to speed on regulations and legislation concerning digital assets is another cog where we demonstrate leadership in our clients’ lives.
William Bissett, CFP®, is a wealth manager with Pinnacle Advisory Group and the founder of Principled Heart (www.principledheart.com). Andrew W. Blair, J.D., CPA, is a tax and estate planning attorney with Manning, Fulton & Skinner P.A. in Raleigh, North Carolina.
Endnotes
- Yahoo Terms of Service, March 16, 2012; https://info.yahoo.com/legal/us/yahoo/utos/en-us/
- National Conference of Commissioners on Uniform Laws, Uniform Fiduciary Access to Digital Assets Act, Approved July 16, 2014
- Other laws governing fiduciary relationships may still give the fiduciary control over that underlying asset; the UFADAA, however, would not.
- 18 U.S.C. § 2701 et seq (ECPA) and 18 U.S.C. § 1030 (CFAA)
- 18 U.S.C. § 2702