Executors have a duty to gather all of the assets of the decedent’s estate and prepare an inventory of the assets and debts. In days of old, this meant obtaining paper files that had been in the possession of the deceased. The digital world changed all that. Digital content is generally held, not by the owner of the information, but by a third-party custodian. The custodian of digital assets has an obligation to protect against disclosure of data to unauthorized users. Can an executor really be considered an unauthorized user?
A prior version of a model act, the Uniform Fiduciary Access to Digital Assets Act, gave the fiduciary the same rights over digital assets that she had over tangible assets. That act was met with resistance by custodians of electronic records, each with its own terms-of-service agreements in place with their customers which included provisions regarding who could access digital assets. And custodians were concerned about the costs of responding to multiple requests for digital assets.
As a result, the Uniform Law Commission promulgated a new version of the act in 2015, known as the Revised Uniform Fiduciary Access to Digital Assets Act or RUFADAA. That version has been adopted by almost every state. With RUFADAA, access to electronic data now depends upon whether the user (defined as a person who has an account with a custodian) explicitly authorized the fiduciary to have access to digital records and assets.
RUFADAA
First, it is important to understand what a digital asset is. Defined as any electronic record in which an individual has a right or interest (but not including the underlying asset or liability, unless that itself is an electronic record), digital assets include such things as text messages; digital photographs; iTunes; Facebook content; health data such as heart rate, weight, or blood pressure; financial and accounting software; and personal e-mails. These may have personal value and be considered highly confidential by the user. Other digital assets may have economic value, such as bitcoin, airplane miles, domain names, customer lists, manuscripts, articles or musical compositions.
Second, to obtain access to electronic data and digital assets, the fiduciary must know the RUFADAA-compliant procedures.
Hierarchy of Instructions How can the user’s intent regarding access to electronic data be determined? RUFADAA establishes a hierarchy for determining what governs access to the principal’s digital information:
- On-line tool. An on-line tool is different than the terms-of-service agreement embedded in the user contract. It is an electronic service provided by a custodian that allows the user, in an agreement distinct from the terms-of-service agreement, to provide directions for disclosure or nondisclosure of digital assets to a third person—including the fiduciary. The tool is analogous to designating a beneficiary in an account agreement with a financial institution. If a user signs an on-line-tool, this overrides a contrary provision in a will, trust or terms-of-service agreement.
- Will, Trust or POA. If there is no on-line tool, the provisions of the will, trust or power of attorney control.
- Terms-of-Service Agreement. If there is no on-line tool or instruction in a will, trust or power of attorney, the terms of the service agreement control.
Procedures to Obtain Digital Content While the procedures for a fiduciary to gain access to digital assets vary according to the type of fiduciary, generally there are two ways to obtain the records: (1) where a court directs the custodian to provide the data; and (2) where a fiduciary provides the following information to the custodian:
Estates For executors or administrators of an estate to request digital information, they must provide the following documents to the custodian:
- A written request for disclosure of the records of the principal;
- A certified copy of the death certificate;
- A certified copy evidencing the authority of the personal representative (as examples: letters testamentary, letters of administration, or an order approving probate by muniment of title);
- Unless the user utilized an on-line tool, written documentation showing the user’s consent to disclosure of the content of the electronic communications.
The custodian also can request that the personal representative provide the custodian with additional information, such as proof that the user had an account with the custodian. The custodian may also request a court order finding that: (1) the user had an account with the custodian; (2) disclosure does not violate the Stored Communications Act; (3) unless the user utilized the on-line tool, that the user consented to the disclosure of the content; and (4) disclosure is reasonably necessary for the administration of the estate.
Absent consent to the disclosure in the decedent’s will, RUDAFAA permits the personal representative to request that the custodian disclose the catalog of electronic communications but not the content. This non-content information can be obtained without a copy of the will.
Powers of Attorney An agent for the principal acting under a power of attorney can submit:
- A written request for disclosure of the records of the principal;
- An original or copy of the power of attorney granting authority; and
- A certificate by the agent, under penalty of perjury, that the power of attorney is still in effect.
An agent can also seek a catalog (as opposed to the content) of the documents, by submitting the request, a copy of the power of attorney, and a certification that the power of attorney remains in effect. In Texas, the power of attorney statute (Section 751.051 of the Texas Estates Code, enacted at the same time the Texas Revised Uniform Fiduciary Access to Digital Assets Act) authorizes a special instruction from the principal by initialing box (N) “Digital assets and the content of electronic communications.”
Trusts If the trustee is the original user of the on-line account, she can access all of the digital assets of the account. If the account was transferred to the trust by the settlor, the trustee can request access to electronic content by filing the following:
- A written request for disclosure of the records of the principal;
- A certified copy of the trust instrument or a certification of trust that includes the consent to disclosure to the trustee; and
- Certification by the trustee, under penalty of perjury, that the trust exists and that the individual is the trustee.
The custodian may request that the trustee provide evidence linking the account to the trust.
Guardianships In Texas, a guardian can request a court hearing to request access to the digital assets of the ward. Unless otherwise ordered by the court or directed by the user, the custodian “shall” disclose to the guardian a catalog of electronic communications sent or received by the ward and any digital assets in which the ward has a right or interest other than the content of an electronic communication. The guardian must provide the custodian with:
- A written request for disclosure of the records of the principal; and
- A certified copy of the court order that gives the guardian authority over the ward’s digital assets.
If requested by the custodian, the guardian must also provide a number, user name, address, or other unique subscriber or account identifier assigned by the custodian to identify the account, or evidence linking the account to the ward. A guardian may request that the custodian suspend or terminate the account for good cause. The request must be accompanied by a court order giving the guardian authority over the ward’s digital assets.
FIDUCIARY DUTY AND AUTHORITY
Importantly, RUFADAA defines the legal duties of the fiduciary. They are defined as those same obligations imposed on a fiduciary charged with managing tangible property, including:
- The duty of care;
- The duty of loyalty; and
- The duty of confidentiality.
A fiduciary’s authority is limited, however. Unless the user gave direction through an on-line tool, the fiduciary’s authority is subject to the applicable terms of service agreement and to other law, including copyright law, and is limited by the scope of the fiduciary’s duties. Interestingly, the act also says that the fiduciary role is not to be used to “impersonate the user.”
The fiduciary can also request that the custodian terminate the user’s account. The request for termination must be in writing, in physical or electronic form, and accompanied by documentation similar to that listed above for estates, trusts, powers of attorney and guardianships. The fiduciary may also be asked to provide a number, user name, address or other unique subscriber or account identifier assigned by the custodian to identify the user’s account; evidence linking the account to the user; or a finding by a court that the user had a specific account with the custodian.
For any digital asset that is not held by a custodian or subject to a terms-of-service agreement, a fiduciary with authority over the property has the right to access any digital asset to the extent that the decedent, ward, principal, or settlor has or had a right or interest. This includes the right to access both digital property and digital assets stored on that property. The fiduciary is an authorized user for the purpose of applicable computer fraud and unauthorized computer access laws, including the laws governing unauthorized computer access.
Liability The custodian is immune from liability for an act or omission done in good faith and in compliance with RUFADAA. Once the fiduciary submits all of the necessary documentation, the custodian has 60 days from receipt of the request to comply. But there is no penalty if the custodian fails to comply.
The fiduciary, by contrast, has the fiduciary duties of care, loyalty and confidentiality—an important consideration in the area of data privacy. When corporations are sued for failing to protect the confidential information of their customers, a common defense is the absence of a duty to the user. The plaintiffs in such cases try to establish a duty through a “special relationship” or an implied contract between the parties. Establishing a duty will not be an issue if a beneficiary of an estate or trust sues the fiduciary for failing to locate and include a digital asset in an estate.
Avoiding Liability Fiduciaries and users alike should plan for access to digital assets. First, users should make a list of all of the digital accounts they hold and consider who should be able to access those accounts in the event of death or disability. They should also keep passwords in a safe place and, in some cases, make those available to a trusted individual such as a spouse. Because many assets pass to the persons designated in a contract, not pursuant to a will, users should also consider using on-line tools, especially for assets that are material to an estate.
Fiduciaries should ask the client to list the digital assets they have and what access they want their fiduciaries and heirs to have to them. If a client holds substantial block chain assets, for example, some roadmap needs to show how to access and control that asset. Estate planners should consider including provisions to access and distribute digital assets as part of a will, trust, power of attorney or, if a guardianship is involved, a court order. Clients should know that, if a fiduciary’s direction comes from a terms-of-service agreement the client has never read, that agreement may block access to third parties, including fiduciaries.
In many states, a fiduciary has time limits by which to discover and report assets. Planning for discovery and recovery of digital assets must become an integral part of the practice of administration of an estate.
Custodians will need to develop internal procedures for handling requests for digital information and assets. For example, if an agent presents a power of attorney, the custodian will need to determine if the proper documentation has been submitted and whether it should notify the principal.
Courts also must become familiar with the procedures by which a custodian can be compelled to allow access to digital information, and when entry of a court order is appropriate.
Conclusion RUFADAA is not complicated, but it does mandate planning and procedural adherence to obtain access to electronic information and digital assets. Users, estate planners, trustees, guardians and agents under powers of attorney, custodians and courts all need to be aware of these requirements in order to navigate the digital world. Competent advice from knowledgeable professionals can ensure smooth and effective discharge of a fiduciary’s duties.
To sign up for e-mail updates from the NextGen Financial Services Report, Click Here.