Delaware’s Fiduciary Access to Digital Assets and Digital Accounts Act (H.B. 345) makes Delaware the latest state to regulate access to “digital assets” after death. Unless the account-holder instructs otherwise, legally appointed fiduciaries will: (1) have the same access to digital assets as they have always had to tangible assets, and (2) the same duty to comply with the account-holder’s instructions. In short, the personal representative or guardian of a digital account-holder can access the emails, documents, audio, video, images, social media content, computer programs, software licenses, usernames and passwords created on the deceased’s digital devices or stored electronically. This access could be very helpful, or extremely problematic, depending on what the digital records reveal.

Those whose digital data has monetary value, or who do business electronically or through social media should consider digital asset directives in their estate plans, because the terms of service for most online accounts (including Facebook and Yahoo) preclude third party access. Without directives, the prospects could be dim for a blog with embedded advertising if the creator dies and no one else has access to keep the blog going. A social media creator’s intellectual property (blog post content, YouTube videos) can also be valuable, as proved by blogs that became successful books and short videos that spawned movies or advertisements; Adam Sandler is making a movie based on a 2-minute YouTube video. Online gaming items and digital currency like Bitcoin also have monetary value, which is locked up unless someone has access to the deceased’s accounts. For digital data with money value, then, a digital asset estate plan makes sense, and laws like Delaware’s fill the gaps for those who don’t create one.

But when a deceased’s digital data is highly personal, digital access laws do raise privacy concerns. People use email and social media accounts to reveal themselves only to (what they hope will be) a limited audience. Social media serves some users like the diaries of old, where privacy settings take the place of the little locks and keys. When a personal representative or guardian can access this data, sensitive information is revealed and there’s nothing the deceased can do about it.

The purpose of “digital access” laws, of course, is to make things easier, not harder or more emotionally wrenching for survivors. However, the law leaves a healthy number of open questions:

  • Does it cover bank accounts? Will national banks be exempt?
  • What is the custodian’s legal exposure if the custodian doesn’t have the necessary passwords for access to the account or to un-encrypt documents, because of the way the custodian’s security systems work?
  • Will the inclusion of agents under durable powers of attorneys, combined with the custodian’s right to rely on the durable power without inquiry, create a new open door to family fraud?
  • How long does the custodian have to hold the records that may be requested?
  • Is the statute worded so that custodians can get the account-holders prior agreement to “opt out”?  And if so, will an “opt out” become standard boilerplate in custody agreements?  Or, will custodians conclude it is better to let the statute operate because the custodian has virtually no due diligence obligation when complying?
  • What about safekeeping agreements that call for automatic destruction of the records upon closing of the account?  Is there an obligation to retrieve the records if they still exist on backup tapes?