You may not know that at the end of September, New York became the 20th state to pass something called the Revised Uniform Fiduciary Access to Digital Assets Act -- known to those in the know as RUFADAA.
It’s the most important law you’ve never heard of, and you could be dead when it would come into play. That’s because it will govern how and to what extent your family members or the executor of your estate will be able to access your online accounts if you die or become disabled, and they need to ask the account provider for access.
Estate law in the U.S. is governed at the state level, and the Uniform Law Commission, which drafted the model act, expects that most states will adopt RUFADAA by the end of 2017.
Even if you have a will or power-of-attorney, digital assets like email or an online photo album are different because they’re subject to a web of federal and state laws concerning electronic communications and privacy, which in turn govern the service providers’ terms of service (TOS) agreements. Those agreements guarantee user confidentiality -- very often, even after death.
For instance, Yahoo’s (YHOO) help section includes an article titled: “Options available when a Yahoo account holder passes away.” It outlines how someone can ask for an account to be closed because someone has died, but it also notes that under its TOS: “Neither the Yahoo account nor any of the content therein are transferable, even when the account owner is deceased.”
Asked for clarification, a Yahoo spokesman said in an email: “While we do not allow access to a decedent’s account, if an individual has lawful consent to the account’s contents, we will provide the content.”
So what do you need to do to demonstrate “lawful consent”? That’s where RUFADAA comes in.
The revised version of UFADAA (adding the initial “R”) is a compromise between the estate lawyers, who wanted access unless the person had “opted out,” and the service providers, which not only have to abide by all of those federal and state privacy laws but also believed many of their account holders would want to maintain their privacy after death.
For instance, NetChoice, an e-commerce trade association based in Washington, D.C., commissioned a poll and found that “more than 70 percent of Americans think that their private online communications and photos should remain private after they die -- unless they gave prior consent for others to access. In addition, 70 percent also felt that the law should err on the side of privacy when someone dies without documenting their preference about how to handle their private communications and photos.”
And that’s exactly the stance taken by RUFADAA. Someone must proactively “opt in” via a directive in a legal document or a service provider’s online tool.
At the moment, very few service providers have such tools, but Google (GOOG) has been ahead of the curve. Back in 2013, it instituted what it calls its “Inactive Account Manager,” which can be found on its account settings page.
Someone can opt to have their data deleted after three, six, nine or 12 months of inactivity, or can select different people to receive the content of different Google services, including Gmail and Picasa Web Albums. In case you’re not dead yet, to guard against hacking, “before our systems take any action, we’ll first warn you by sending a text message to your cellphone and email to the secondary address you’ve provided,” Google says.
Facebook (FB) also has a “legacy contact” tool, which can be found under “security settings.” It allows you to designate a person, who must also be an account holder on Facebook, to “memorialize” your account in three ways: Write a pinned post for your profile to share a final message on your behalf or provide information about a memorial service; respond to new friend requests; and update your profile picture and cover photo.
However, Facebook says the legacy contact still can’t log into your account or read your messages or delete anything posted to your Timeline. (Currently, Facebook does not purge inactive accounts, a spokesman said.)
“I think you’re going to start seeing more of these tools coming online,” said Carl Szabo, senior policy counsel at NetChoice, who noted that many of these services are so new and so young, that they weren’t previously thinking about end-of-life issues.
Under RUFADAA, if the instructions in the online tool and in the estate plan are in conflict, the online tool takes precedence, said Benjamin Orzeske, legislative counsel at the Uniform Law Commission.
But if no online tool exists or the account holder hasn’t used it, RUFADAA is the default, and it allows the user to “give legally enforceable directions for the disposition of digital assets in a will, trust, power of attorney, or other written record,” the ULC states.
How you would do that to ensure your intentions are completely clear? Attorney Jill Choate Beier recommends that a power-of-attorney be modified to “specifically give access to digital assets” and explicitly state that the agent has the ability to “access, delete, or distribute” those assets. “And I think it also needs to refer to the federal privacy law and say that the language in the document constitutes lawful consent of the account holder,” she said in a presentation made to the New York State Society of CPAs Estate Planning Conference last May.
Even if no such directive has been made, under RUFADAA an executor will still be able to get what’s called a “catalogue” of the person’s email -- a list that shows the addresses of the sender and recipients, and the dates and times the messages were sent, but without any of the content being divulged, not even the subject line.
Getting even that much information can be significant to executors who are trying to trace assets. In a world that’s moving more and more toward electronic statements delivered via email, the concern is that “someone could have a million dollars in a brokerage account, and no one would know about it,” said Eric R. Strauss, a lawyer who is reviewing Pennsylvania’s RUFADAA law on behalf of that state’s bar association.
Under RUFADAA, in some circumstances a service provider can ask the executor to provide a court order -- notably, with email accounts where the account holder is anonymous. If you have to prove that Ben123@google.com really is your uncle, you may have to supply some email from your uncle to a family member or maybe to his lawyer, said Orzeske.
“You can’t just say: ‘Give me John Smith’s email,’” says Szabo. But, “if you make an express statement in your will to turn over everything to your significant other, and the service provider has the evidence to make sure that’s the right account, they will disclose the content,” he says.
Of course, if you make sure that someone in your family can access your computer and your passwords, they can avoid all of this. Technically, it’s a violation for anyone other than the account holder to log on, but “I think that’s what many people do,” said Strauss.
Here’s a map showing which states have enacted RUFADAA -- and where it’s not yet the law.