By, Bailey Walker, Elder & Disability Law Clinic Student, Fall 2021
Traditional estate planning contemplates the future of a person’s physical and financial assets: homes, bank accounts, heirlooms—even photo albums. However, in today’s world, a person’s digital assets are increasingly common, sentimental, and valuable. Consider family photos stored on a personal google drive account, Facebook profile, or iCloud, an online blog, or investment in cryptocurrencies; these commonplace digital assets could be lost without proper forethought when the owner of an account dies or becomes incapacitated.
The Issue of Access
Unlike a house or a car, the ownership of digital assets cannot be transferred by deed or title. A digital photo album, for example, cannot simply be handed over to a spouse or child. The main issue in estate planning for digital assets is access rights.
Access to digital assets is often managed by the third-party platforms, such as Google, Apple, or Facebook who own the services through which a user creates an account. Due to increasing concerns around cybersecurity and the protection of personal information, companies are unlikely to share account details with someone claiming to be the executor of an estate or even the spouse or relative of a deceased or incapacitated loved one. While a password could theoretically be shared with others prior to death, proper password hygiene warns against sharing or repeating passwords. [1] Additionally, a password, unlike a key to a safety deposit box, can be compromised; when this happens, it is imperative that a password be changed immediately to protect the users’ digital identity. Taken together, these complexities might prevent anyone from accessing an account after the creator dies or becomes incapacitated.
The Uniform Fiduciary Access to Digital Assets Act
Luckily, Virginia is one of the many states that has addressed issues of account access after death or incapacitation. The Uniform Fiduciary Access to Digital Assets Act [2] requires a company such as Google that “carries, maintains, processes, receives, or stores a digital asset of a user” to grant fiduciaries (conservators, guardians, trustees, and representatives of an estate) access to those digital assets. [3] It also imposes obligations on the part of these fiduciaries to the decedent or incapacitated person: they must care for the digital assets, act with loyalty to the interests of the original account owner, and maintain that individual’s confidentiality. [4]
While the Act allows account owners to plan for the future of their digital assets, it does require some forethought during the estate planning process. The identification of a fiduciary for digital assets, for example, must be included in a will, trust, power of attorney, or other record. [5] Whichever method is used must provide details about the digital assets to be transferred and to whom. [6]
Evolving with Technological Uncertainty
As with many things in the world today, estate planning for digital assets is somewhat destabilized by the constant disruption of evolving technology. While third party companies are able to provide access to account fiduciaries named in accordance with Virginia law, there are already certain types of technologies whose access is controlled singularly by the user—not the platform owner. Indeed, trends in cybersecurity favor access management tools that link an individual’s account to biometric features of that individual. [7]
Take facial recognition technology, for example. The technology is already being used by iPhone users to unlock their devices. [8] Once a person dies, access to that device cannot be provided to a fiduciary by the device maker. If that technology continues to spread to other services, the list of digital assets that will become inaccessible upon the death of the account owner will continue to rise. While Virginia law may require companies to share account access to designated fiduciaries, the technology may one day present an impenetrable obstacle to compliance. When that happens, the law will need to adjust its approach to estate planning for digital assets or risk the loss of many valuable digital memories, monies, and other valued personal collections.
[1] Diego Poza, NIST Password Guidelines and Best Practices for 2020, Auth0 (Jan. 22, 2021), https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/.
[2] VA Code Ann. § 64.2 (2017).
[3] Id. § 64.2-116.
[4] Id. § 64.2-129.
[5] Id. § 64.2-118.
[6] Id.
[7] Dept. of Homeland Sec., Biometric Identity Management (2018), https://www.cisa.gov/sites/default/files/publications/nppd-biometric-identity-management-02132018-508.pdf.
[8] Apple, Set Up Face ID on iPhone (last visited Sep. 23, 2021), https://support.apple.com/guide/iphone/set-up-face-id-iph6d162927a/ios.