Journal of Financial Planning: November 2012
Executive Summary
- Most of your clients have digital assets; in fact, there are 271 million North American Internet users. However, many times planning for digital assets is overlooked, even when it involves financial or business assets.
- This article examines the planning issues and concerns regarding digital assets. Questions that clients need to examine in the event of incapacity or death are explored with possible solutions to address clients’ concerns. Issues addressed include:
- What digital information to include in a digital asset inventory
- Security concerns involving digital assets
- State of the law and website policy concerns
- Why planning is important
- The planning process
- Selecting a digital asset personal representative and the information they need
- Disposing of digital assets
- Preventing identity theft
- Careful planning can reduce the cost and frustration in dealing with clients’ digital assets, and clients need to be aware of the ramifications of failing to do so.
James F. Hopson, J.D., CPA, is an accounting and tax professor at the University of Central Missouri and was formerly a CFP® certificant. He practiced law, accounting, and financial planning in Texas before returning to the classroom.
Patricia D. Hopson, CPA, was an adjunct professor at the University of Central Missouri and practiced accounting for over 25 years before retiring.
Most of your clients have digital assets; in fact, there are some 271 million North American Internet users. Have you suggested that they plan what happens to their digital assets in the event of death or disability? Where would their personal representative, agent, or executor begin? In the past, important papers were kept in a safe deposit box, but in today’s world, many of the records once kept locked up in a safe are now locked up in a digital world. How would their personal representatives gain access to digital information they need to manage the estate? Are these assets personal, financial, or business?
These online assets may include websites (domain names), personal and business email or similar accounts, Facebook and Twitter accounts, other social networks, blogs, creative works, digital photographs, music, playlists, videos, games, medical records, tax returns, online bank accounts and broker accounts, eBay accounts or stores, PayPal, Amazon accounts, online bill paying, loyalty programs, entertainment accounts, customer information, client files, or other digital assets. In addition, there is the actual hardware, such as computers, backup drives, or other such devices and commercial digital storage sites where many of these assets are stored. Each account and/or computer may have different usernames, passwords, and security questions. Also, how would the personal representative access your clients’ computer if they use a thumbprint scanner or other biometric device? Clients may need to separate the different assets into personal, financial, or business accounts, and then decide what happens to these assets in the event they are no longer able to access the accounts. Their digital world will live on past their mental incapacity or death.
Clients should assemble an inventory of accounts that they don’t want to die with them, with any monetary value noted (the IRS is now looking at the value of digital assets). This inventory should include, but not be limited to, the following information:
- Domain name
- Online accounts
- Username
- Password
- Personal Identification Numbers
- Security question and answer
- Purpose of the asset (don’t forget information on the office computer)
- Computers, laptops, tablets, routers, USBs, CDs, DVDs, and other hardware and their locations and passwords
- Software
- Important files, photos, videos, and their digital location; consider how hard it is for you to find some files on your computer—map the location of main folders for your personal, financial, tax, investment files, and your clients’ files and documents
- Online backup accounts
- Ownership of the accounts, if jointly owned
This information needs to be continuously updated when new accounts are added or passwords and security questions are changed.
There may be personal accounts to which representatives will need access to carry on the clients’ business, but there may also be accounts clients do not want anyone to know about or accounts they don’t want others to access. Once clients have made decisions about which account someone else may need to access, they need to consider how online sites’ policies and user agreements affect third-party access. How does the legal uncertainty affect agents’ or executors’ rights to access these accounts? Does a power of attorney allow agents/executors access? How do you prevent identity theft of an incapacitated or dead client?
State of the Law and Website Policies
Few states have addressed the issue of what are the rights of personal representatives, agents, or executors when digital assets are involved. With only five states (Connecticut, Idaho, Indiana, Oklahoma, and Rhode Island) that have passed laws on digital assets, answers remain cloudy as to which law applies, domestic or foreign, the law where the site’s computers are located, or where they are incorporated, or the laws of the state where the client resides. There are federal laws against unauthorized access, and courts generally enforce click-through policies. Click-through policies refer to those places where most of us just click “I agree” at the bottom of the webpage we want access to without reading the agreement.
With current privacy laws, it is understandable why many web companies don’t jump at the opportunity to share their clients’ information with others. Some websites may have policies that allow a personal representative access in the event of incapacity or death, but many expressly prohibit access or have no stated policy in their user agreement. Many websites might prohibit assigning or transferring accounts or allowing other users to access your clients’ accounts, and some even state that the account terminates upon the clients’ death and that they have the right to permanently delete all contents.
Regardless of policies, the web companies are probably not going to allow access without some written document or court order. By the time personal representatives who were not provided passwords convince the security person or web manager to allow them access, a lot of financial damage to the estate may have occurred.
Why It’s Important
Consider clients whose business is totally online or who communicate with their customers and suppliers primarily through emails. What damage to the business may occur if that line of communication is lost? How long will it take to restore the relationship with customers and suppliers if they don’t understand why their communications are being ignored or invoices are not paid and orders are not shipped? Internet service providers’ policies may not allow personal representatives immediate access or provide information about the account without a court order. And even if they cooperate, personal representatives may not get the information they need.
And consider the client who writes for a living or provides other creative work for clients—is their latest work going to be lost and the revenue to the family forgone? What about the attorneys, CPAs, CFP professionals, doctors, and other advisers who keep clients’ information online because they have gone paperless? Clients and client lists are valuable assets, but clients can migrate to other advisers when no one follows up with them or they are unable to get information about their account from successors. As estate and financial planners, we address complex estate and financial issues every day, such as retirement planning, business succession planning, and generation skipping trusts, and other complex tax, financial, and business issues. Then why shouldn’t we address with the clients the importance of their digital assets, especially when many of those assets are business, financial, or banking related?
The Planning Process
The first question that most clients will ask is, “After I create this inventory, where do I keep it? I don’t want anyone else to have access to my accounts while I am of sound mind and alive. How do I protect my family and loved ones if I become incapacitated or die, while still maintaining secrecy and safety during my life?” The information can be stored on a CD or USB flash drive or other electronic storage devices that are password protected. Hard copies could be stored in a safe or safe deposit box, but this creates a problem in that the information needs to be updated and kept current.
The next issues are where to securely keep the information and who should know. Because of security concerns, clients should limit who has knowledge of the location of their digital asset inventory. In fact, clients should give as much consideration or more to who should know the location of their digital inventory as they give to selecting an executor or trustee. Consider limiting this to a surviving spouse, tech-savvy child, or trusted friend. If the person is not tech savvy, you might suggest the names of trusted individuals who can help the representative deal with the complexities of the online world.
Password-protected flash drives containing the information can be stored in small lock boxes at home with the password information and key location provided to the person or persons clients have selected. A password-protected document can also be stored on the client’s computer, but the client needs to advise someone where it is located and then provide them the password. An additional backup flash drive can be stored in the safe deposit box with a label containing information on what the disk contains and the password. But remember, it needs to be kept updated. Each time the clients go to the safe deposit box, they should take the flash drive stored in the lock box to the bank and exchange it, then update the drive they retrieved from the bank before they put it in the lock box.
There are also commercial sites that provide related services. For example, the online service SecureSafe claims it “protects your digital documents, guards your passwords, and lets you access and manage them at any time, thus guaranteeing maximum security.” And the service allows you to assign beneficiaries to your digital assets. Other providers include: AfterSteps, Cirrus Legacy, E-Z-Safe, Estate++, EstateLogic, Legacy Locker, and LifeEnsured, plus more companies are expanding into these services.
The use of these services does not eliminate the need to properly dispose of these assets in a will or trust, even though the above companies say they will take care of it. There are formalities to passing assets to heirs, and the legality and authority of these companies to distribute assets to the proper heirs may be questionable at times. Moreover, some companies could distribute valuable digital assets to online friends whom the client had not intended to receive the assets.
Provide Personal Representative Instructions
Clients should not leave it to the imagination or instinct of their personal representative to decide what is to be done with their digital assets; clients should provide them detailed instructions. There may be secret accounts and email folders that contain information clients don’t want shared with anyone; therefore, clients should tell their personal representative under what circumstance to destroy or close them (however many months after incapacity or upon death). Clients may have a social network of friends that they want to know of their death, and they may have accounts they want to leave to the discretion of a loved one as to whether to close the site or continue it. There may be files, photos, or videos that clients want copied and distributed to multiple people. Clients may have blogs or websites that they want to continue, and they need to leave instructions as to who is going to continue and maintain them. If they produce income, clients would want to state who is going to share in the revenue and to what extent.
Disposing of Digital Assets
“I leave my computer to my wife.” What does that mean? Does she get the computer but not the digital assets? Who gets the contents? Ownership of digital assets with monetary value can be disposed of through a will or transferred to a trust, but these instruments are not the place to disclose passwords and other information listed on the digital inventory.
If the digital assets are substantial in value, clients should consider creating a trust just for digital assets. The skills needed to manage a digital trust will be more complex than those for a financial trust, in that the manager will have all the responsibilities and need all the skills that a financial trustee will have plus the skills to manage digital assets. Clients may want a co-trustee with designated powers for each. Some of the companies mentioned above will serve as digital trustees. One advantage of the digital trust is that original ownership of digital assets can originate with the trust, so the transfer issues are eliminated upon the client’s death.
Ownership of other digital assets could be referenced in the will with a letter of instructions to the executor as to who should inherit them, similar to what many do for small assets with no real monetary value. This information could easily be added to the inventory list. Clients should consider providing provision for managing digital assets in the clients’ power of attorney or creating a separate durable digital power of attorney that has been executed as required by state laws for a durable power of attorney.
Preventing Identity Theft
As the concerns of identity theft continue to increase, think about how easy it might be to steal the identity of an incapacitated person or someone who has died. If no one has been watching over their digital assets for a while due to gradual incapacity or death, these accounts make easy prey for hackers who merely have to read the obituaries or the guardianship filings. Hackers can access information stored on the computer, open new credit card accounts, shop, or apply for identification cards.
Digital personal representatives should not only access the accounts but also change passwords to prevent others who may have had prior access from accessing the account. In addition, credit card information should be eliminated from all online shopping accounts. On the computer the personal representative is using, the representative should verify a firewall is installed to keep hackers and viruses out of the computer and verify that anti-virus and anti-spy software programs are installed and updated, as well as the operating systems.
Representatives should be aware of keylogger spy programs that record everything typed on the computer, including usernames and passwords, and that store this information on the computer or send it to the hacker. Representatives should consider installing a program specifically designed for the detection of keystroke logger software. Anti-keylogger programs usually delete or at least immobilize hidden keystroke-logger software on a computer. Anti-keylogger programs are different from most anti-virus or anti-spyware software in that they do not make a distinction between a legitimate and illegitimate keystroke-logging program (such as a virus); all keystroke-logging programs are flagged and optionally removed.
Obviously, personal representatives should never share an incapacitated or deceased person’s password information, PIN information, Social Security data, or any other information that could be used in identity fraud. Because the personal representative may not be aware of all the business the estate owner has conducted, they should be on the alert for sophisticated “spoof” emails that attempt to trick them into giving personal information that can be used to drain bank accounts, fraudulently obtain credit cards, and commit other crimes. Spoofers send spam mail using familiar or legitimate-sounding names of companies to gain personal information. They also use names that are close to the real one and send emails that appear to come from a company with which the estate may need to do business or has been doing business. Personal representatives should use caution with hyperlinks, as many are phony but look like legitimate business websites.
Conclusion
A personal representative’s job is that of a fiduciary and is extremely difficult when the estate has not only personal but also business and financial assets, and gets even more difficult when there are digital assets to manage. As a financial adviser, you need to advise your clients of the pitfalls in not having a plan for continuation and monitoring of their digital assets. Careful planning for digital assets can reduce the cost and frustration in dealing with clients’ digital assets, and clients need to be aware of the ramifications of failing to do so.
References
Beyer, Gerry W., and Naomi Cahn. 2012. “When You Pass On, Don’t Leave the Passwords Behind: Planning for Digital Assets.” Probate and Property 26, 1 (January/February).
Cahn, Naomi. 2011. “Postmortem Life On-Line.” Probate and Property 25, 4: 36–39.
Kennedy, Dennis. 2010. “Estate Planning for Your Digital Assets.” Law Practice Today (March).
Prangley, Karin. 2010. “The Disposition of Digital Assets: Estate Planning Potential Not Just Propaganda.” Law Trends & News 6, 2 (Winter).