Imagine, if you will, that your spouse is an avid photographer who passes away suddenly. Amid your heartache, all you want to do is look through your treasured family photos that are safely stashed away in the cloud. Only you can’t. Not only that, but to retrieve those precious pictures you could spend countless dollars and see the inside of a courtroom multiple times in what might amount to the most epic court battle you’ll experience in your lifetime.
Seems extreme? That’s because it is. And it’s happening all over the world. This is a serious problem that is becoming more and more frequent. Here are just a few examples of how digital assets are impacting estates today;
A young man kept a vast amount of his online account and digital asset information listed in 1Password (Canadian based company). Like many people, he relied on a password manager to maintain his account portfolio along with their login credentials. And with all the access to his important accounts, he thought a password manager would protect his data and provide assistance to his estate representatives when needed.
Password managers employ robust security and privacy protection measures that include intense data encryption. Due to these very effective protocols, the estate was unable to obtain any the information leading to his property, they turned to a privacy lawyer for help. After several appeals to the Custodian, they weren’t to get any additional information and were forced to continue the estate’s administration, knowing that pictures, financial accounts and other assets were being left out.
The Thompson family loved capturing their life’s moments with their young daughter through pictures and videos. Like so many people, the collection f 4,500 snapshots and 900 videos were uploaded to her father’s Apple iCloud account. After he suddenly passed away, these memories became even more important to his daughter being it’s the only way for her to remember her father. But when the mother tried to get access to the photos, Apple denied her request citing privacy laws and policies preventing them from releasing them. The family hired a privacy lawyer and after a costly and multi-year court battle, they got a court order for these pictures/videos to be released. However, the pictures were reviewed by the privacy lawyer before passing on to the daughter.
John Ajemian was riding his bicycle when he was suddenly struck by a car and killed. When his sister and brother (executors) wanted access to his email, Yahoo refused citing privacy laws and their Terms of Service Agreement prevented them from doing so. The case was heard in court after court for 10 years until the highest court of appeals ruled that Yahoo! is not obligated to turnover data or contents. They also made it clear that the ruling was limited to the one privacy law only and did not apply as to the validity of the Terms of Service Agreements or other privacy protection laws…those are for other battles.
Dov Henry, of Toronto, went missing and was found dead two months later. The coroner had ruled the cause of death “Undetermined” leaving many questions. Three years later, there was still very little information on what happened. His mother set out to learn more and turned to Facebook, among others, to get his account passwords and see if she could find any clues. She took her case to court and obtained an order. However, Facebook and Apple did not comply, citing privacy policies and US privacy laws as the basis for releasing information.
When 73 year old Bill Pelech, of BC, passed away leaving behind a $800 balance in a PayPal account his wife, Wendy, reached out to them to close the account, assuming the balance would be forwarded with the closure. She provided all the paperwork but faced several errors and complications. PayPal claimed that the account was closed (by the estate) causing the funds to be withheld. Several months later and much frustration, Wendy was required to provide financial statement with an account number to have the funds distributed.
So, what exactly is the problem? And, more importantly, how can you make sure it doesn’t happen to you or your loved ones? – Do you think we need to put information here or just leave it?
What are Digital Assets?
Digital Assets include items such as emails (and their attachments), texts, social media profiles, financial statements, crypto, domain names, even online gaming collectibles. Anything stored online or in a cloud somewhere that belongs to you falls under your digital assets. And, just like physical assets, they must be properly planned for in your will.
This means you can set up people to receive the contents of an online account or app and dictate what should happen with that account, including account closure, deletion, transfer, and more.
Protecting Your Digital Assets
Keeping your accounts and property safe and getting them to the people who should have them upon your passing isn’t as easy as you might think. Most people think keeping a list of accounts and passwords will grant them access. But it won’t, at least not legally, and they can bring on even bigger problems for your loved ones and heirs.
Why are Digital Assets Important to Your Estate?
Digital assets are different from physical assets such as a house, car, or jewelry. They follow a different set of rules and requirements. Often these requirements are outlined in the Terms of Service Agreements that people tend to skip over when they open an online account or download a new app. However, buried within that legally binding agreement hides the rules about what happens to your account should you pass away. And, if these rules and regulations aren’t followed then your account may be subject to expiration or auto-deletion. Yes, everything you have on the cloud could be lost forever.
Some examples of the provisions you agree to include;
“Not share your password, give access to your Facebook account to others, or transfer your account to anyone else (without our permission).”
(Facebook.com/legal/terms Revised Oct 1, 2020)
“If you go more than a year without logging into your Yahoo! Mail account, Yahoo may delete your messages from its servers to make room for other users. After your account is deleted, your screen name becomes available to new users.”
(Lifewire, Nov 2019)
“The company reserves the right to delete accounts that remain inactive for an extended period of time but doesn’t not usually do so.”
(Lifewire Dec 2019)
“Dropbox, in general, determines inactive accounts by looking at sign-ins, file shares, and file activity (adding, editing, or deleting) on any of our platforms (Dropbox or Paper) over the last 12 months. If you have signed in on one of our platforms, or had any file activity on them at any point within the previous 12 months, then your account is considered active.”4 “If you no longer want your Dropbox Basic (free) account, you can simply leave it alone. Your account will be automatically deactivated—and your files deleted—90 days after you reach 12 months of inactivity. Dropbox accounts that are idle for more than a year are deleted due to inactivity, along with any content they contain. Once an account has been deleted, there's no way to recover the content.”
(Dropboxforum.com Response June 2020, April 2020)
“You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.”
(1Password Terms of Service Updated April 2019)
Secure Data are the data that we are not capable of decrypting under any circumstance. It includes all information stored within vaults in 1Password accounts. These data are encrypted using secure cryptographic keys that exist only in the possession and under the control of our customers. We have no way of accessing or providing decrypted Secure Data, and we never receive copies of unencrypted Secure Data.
It is extremely important that you understand that anyone with both your Secret Key and Master Password can access your Secure Data. It is equally important that you keep a copy in a safe place for your own reference, because future access to your Secure Data depends on having access to both your Secret Key and your Master Password.
However, we are unable to decrypt your Secure Data; you will need your Master Password and Secret Key to decrypt it.
Additionally, website and app owners are held to high standards for protecting your privacy through laws and policies that come with hefty penalties and fines if not followed.
Why Sharing Passwords Doesn’t Work
While sharing your passwords with your loved ones may seem like a way around this problem, it’s not. In fact, this action can have some serious consequences. When someone else logs into your account it is known as Account Holder Impersonation, which is a violation of several laws as being prohibited in the Terms of Service Agreements. Passwords change and typically are accompanied by login security protocols including 2 factor authentication. Getting it wrong can permanently lock the Executor out or appear as hacking. The last thing you want to do is get your loved ones in trouble by improperly handling your digital assets.
What Needs to be Considered for Your Digital Assets
Many online accounts are digital assets themselves (i.e. crypto, domain names, YouTube channel, Instagram influencer account, IoT) while others hold or lead to your digital property (i.e. email with attachments, cloud-based storage with documents, pictures IP). In all instances, they can be financially, emotionally or functionally valuable to those left behind. It’s important to take the necessary time to consider the value and purpose of these assets and what needs to be done.
As you can now imagine, digital property requires two types of directives for a complete administration. The first and most important for achieving your goals with legacy and financial matter are the instructions on the disclosure of account information. Designating a person or entity access to your important data, contents and information leads accounts, profiles and assets that need to be researched and handled appropriately.
The second directive is an “action” oriented instruction that’s to be taken on the account. This can be account closure or deletion, name removal (from a family share plan) or transfer the accounts. Some content providers may offer additional options, like Facebook with its memorialization, allowing someone to make posts on your profile such as “celebration of life” notifications and events.
Take Charge of Your Digital Assets
Taking charge of your digital assets may take some time, but it will be worth it. Start by making a list of your accounts and apps, with your associated login username or email, and identify if they have any financial or sentimental value. DO NOT include your passwords. You’ll need to keep updating that list with new websites and apps.
To ensure your wishes are fulfilled, you’ll want to name someone in your will that should receive the disclosure of your account’s contents or companies could reject access. You’ll also want to provide explicit instructions that conveys how each of your digital assets should be handled. PLEASE NOTE, these designees will not have access to your account but, most likely, they will receive a portable drive or access to a cloud file with the account contents.
In 2021, Directive Communication Systems will launch in Canada. The exclusive and easy-to-use platform helps to prevent digital property from falling through the cracks and protects your estate’s value, legacy, business continuity and personal privacy. Compliant to privacy laws, policies and your wishes, DCS is effective to carry out your goals without using password.
Taking charge of protecting your digital assets doesn’t have to be scary if you’ve got the right preparation in place. With so many accounts floating around in the cloud, make sure you’re protecting your digital assets the same way you would protect your physical assets. The last thing anyone wants for their loved ones is to force a grieving family member to fight for family pictures in court.