When people die, what should happen to their digital assets — documents and photos that they have stored in the cloud (Google Drive or iCloud), the sent and received messages resident in their email accounts, more evanescent records like instant messages and Snapchat stories?
The first answer is: Whatever the dying person wished. But what if they expressed no wish? That is where it gets complicated and there are bills pending before the legislature which give different answers to the question.
As more and more businesses seek to eliminate paper bills and statements, many of us use our email account as the primary storage location for our records. Additionally, our email account may be the means through which we can recover lost passwords for online bank, insurance and other accounts.
Similarly, many of us keep our most cherished photos in online accounts. Those in creative or scientific fields may create many of their significant works online.
In the days of paper records, the executor of a will (or perhaps family members in the same home) would freely gain access to whatever a decedent had left in the drawer — whether it was bank statements or ancient love letters. Now that so many assets are in digital form and reside on password protected cloud storage, there is a conflict of views as to the powers of the executor of an estate.
Cloud and internet service providers save money if they can avoid handling any matters manually and avoid having to make complex decisions that are dependent on varying state laws. They also legitimately want to avoid getting drawn in to litigation of any kind.
Major industry players have come together to urge the passage of a uniform law that may place too much emphasis on the fine print that none of us read when we open our accounts and the optional account settings that most of us don’t get around to checking.
All agree that the preferences of the decedent should be honored. The industry bill would mandate that preferences expressed through their systems would control, but might concede that a later wish expressed in a will should control. The most challenging question is what to do, when as is all too common, the decedent did not get around to expressing any preference.
The industry has done polling that purports to show that most Americans feel that in absence of an expressed preference the digital assets should remain private, but it seems to matter how you ask the question. Most people disagree with the following proposition that the industry’s pollsters framed to emphasize personal privacy:
Estate attorneys and executors should control my private communications and photos even if I didn’t give prior consent.
Yet, on the contrary, in a poll sent to my email list to which over 1000 people responded, 60% selected a position that is roughly equivalent:
If someone dies without sharing their password and without expressing any preference, email companies should give the heirs access to the contents of the dead person’s email account.
Granted that my email list is self-selected. Yet I am not sure why my list would be unrepresentative on this issue — I was frankly expecting to confirm the industry result. I also ran the same poll on facebook (paying for distribution beyond the universe of people that like my page) and got a response consistent with my email poll.
I think the main conclusion we can draw from the contradictory polling is that polling is not a good way to figure out the best approach to this issue. There are many possible intermediate solutions — I got a lot of good feedback from people who didn’t feel comfortable with the forced choice I presented.
Under basic common law principles, the duly-appointed executor of an estate stands fully in the shoes of the decedent and has the established power to make many very sensitive and private decisions on behalf of the decedent. Emails are not generally more sensitive than health care and therapy records. Our Supreme Judicial Court has found that the executor has the power to make lawful consent and receive email contents if the decedent did not express a contrary wish.
But that finding by the court does not bind the legislature to adopt that rule. Some intermediate options for handling the case where the decedent made no directive include:
- Allowing executor access to “envelope” data (to/from/subject) — this concept is included in the proposed uniform law. This approach would at least allow the executor to identify institutions with which the decedent had relationships.
- Allowing the executor access to new communications in the main email account (hiding existing content), so that the executor could reset passwords and access other online accounts — bank sites, etc.
- Developing different rules for different kinds of digital assets — for example, instant messaging accounts could be more private. This approach is also an element of the proposed uniform law.
The industry’s advocacy materials overemphasize user privacy and industry convenience to the detriment of administrative practicality for users, yet the proposed uniform law is a thoughtful well-developed approach. It may strike a reasonable balance by (1) allowing communications envelope access to executors, while protecting communications content (in the absence of express consent); and (2) generally allowing executor access to digital assets other than communications.
We may take some more time to consider the issue — our final legislative decision should perhaps await a Supreme Court decision on how far the states should have the authority to regulate on the issue.
I’d welcome your thoughts as comments here!
Addendum — opinions on compromise approach
I went back to the 1100 people who had voted on the previous question of whether heirs should have access to email communications to test a compromise option — instead of giving content to the heirs, just give them a catalog of the content. 464 people responded to the follow up, 298 who had originally favored disclosure and 166 who had originally opposed disclosure.
Among the 64% of second-round respondents who had originally felt that heirs should have access to emails, 75% disagreed with the proposition:
generally, it would be enough to give heirs access to a catalogue of the email content, showing all the people and institutions that the dead person had corresponded with and the subject and dates of the correspondence.
Among the 35% of second-round respondents who had originally felt that heirs should not have emails, 51% disagreed with the parallel proposition that:
it would be OK to allow the heirs access to a catalogue of the email content, showing all the people and institutions that the dead person had corresponded with and the subject and dates of the correspondence
In other words, unfortunately, the industry-proposed compromise of offering access to a catalog of emails but not content does not satisfy a majority of either group. Overall, the compromise approach is less popular than either of the original black-and-white options, meeting expectations for only 34% of respondents.
Personal Takeway
This post explores a policy issue without reaching a clear conclusion and I’m still looking for input.
But for individuals, there is a clear conclusion: Make plans for your digital assets. Put it in your will what you want done. Or, make appropriate elections in settings for your digital accounts.
I don’t understand how either of the quotations in this post are positions that support “privacy”. The quotes, however worded, support giving and private communications to heirs in the absence of a will. How on earth is that supporting privacy? Supporting “privacy” necessarily requires that private communications remain PRIVATE, not given to heirs by default.
As an archivist, I find blanket destruction of email or other born-digital decedents’ property to be highly problematic. Surely, as with analog communication, the heirs or executors have both the responsibility and the authority to dispose of it responsibly—either by destruction, retention for sentimental or administrative purposes, or donation to a willing archival repository if the content is determined to be of enduring value by the archivist.
My personal belief is that information on the internet about me is my property. It should not matter who holds the info. It is information about me, and I should have control of it and how it is used. When I die, my estate should control what happens to the information. It need not be more complex than that. This is the rule in the European Union, and it give individuals far greater control over who, how and where their information is used in the digital universe.
It is my understanding is that in the USA, info on the internet is owned by whom ever holds it. Who it is about has no say or little say in what is done with the information. It is how we end up with problems like Equifax Data Breaches, revenge porn, or bad information floating around the internet and the question you are asking about estates. The system we have gives the holder of information only small responsibility and little consequence if the holder of the information has a problem or mis-uses of said information.
Perhaps it is time to look seriously at revising the question about who owns the information so we do not have such a incoherent system of ownership, duties and responsibilities. At least this is what I think your question in the end gets at.
You are 100% right. You’ll notice that the industry that so zealously defended “privacy” in this matter has no intention that they should be held to the same standard.
Will — I am upgrading my estate planning. I want my Personal Representatives to have access to all of my personal records.
I am in favor of all such information being made available in cases where no specific instructions exist. Personal Representatives should decide what to open and what not to open.
I don’t think access to paper records is a good analogy for access to a decedent’s email account. Paper records grant you information about the decedent, but access to an email account grants you much more — for example, you can use it to reset the decedent’s password on any number of other websites and then actually act in that person’s stead (since other websites have no knowledge the person is deceased). Doing that in real life would require a Weekend At Bernie’s style stunt.
I agree that executors should have access to information about the decedent, but I don’t think it should be actionable; I don’t think the executor or any family member should have the ability to impersonate the decedent without their prior consent.
One imperfect idea for a middle road would be to create a system whereby email providers can give readonly access to emails the decedent sent and received before their time of death (perhaps only after some time has passed, to ensure that any password reset links have expired by the time access is granted). This could make email records much more analogous to paper records, in which case the same common law would be much more appropriate.
The industry could very well charge for old email access – if the password is lost – and can very well make the charges sufficiently high to keep things economically feasible.
If the family of the deceased does not have the email passwords, and has to go through the will executor for email access, that in itself would cost several hundred dollars paid to the executor.
I would say the state law should mandate email access to inheritors, but not preclude service provider fees, and not mandate that service providers need to look for email accounts that the inheritors don’t already know about.
Will – I wholly agree with your final thought: [F]or individuals, there is a clear conclusion: Make plans for your digital assets.
I would support legislation that funded a public service campaign to make people aware of this issue, and of the many existing technical solutions for addressing it, such as https://myaccount.google.com/inactive and http://www.deadman.io. I would even be okay with legislation that compelled providers to remind their users of this issue, or required providers to offer technical solutions to their users.
In other words, let’s do everything we can to make it easy for people to “opt-in”. But in the absense of a stated preference, private data should remain private. I oppose any legislation that would require users to “opt-out” in order to maintain their digitial privacy.
I say this as someone who personally spent dozens (if not hundreds) of hours trying to retrieve data and account information that was lost after the passing of friends and family members. My takeaway was not “there oughta be a law”, but rather “I better make sure that I’ve taken steps to make sure this doesn’t happen when my time comes.”
If I didn’t share my account access with a loved one in life, there was a reason for it. Unless I indicated otherwise, the presumption should be that that reason does not disappear with my death.
Thanks for raising this interesting topic.
>If I didn’t share my account access with a loved one in life, there was a reason for it. Unless I indicated otherwise, the presumption should be that that reason does not disappear with my death.
A thousand years of estate law recognizes that rights wielded by an individual in life pass to others on death, for completely obvious reasons.
[Note: This comment was posted to a different page on Will’s site in error. Apologies for the duplication.]
This involves so much more than personal email. Many institutions can be involved.
To keep track of my digital life I have accumulated over several decades six dense password-protected pages of online account information. It includes addresses and logins for banks, brokerages, insurers, social media, web hosting, medical portals, utilities, retail vendors, three email accounts and more. I want my heirs to be able to access all of it without any sort of legal or vendor hassles.
I plan to delete accounts I no longer wish to use and summarize what’s left in a spreadsheet that I will print and leave in an easy-to-find place. It will include my computer’s password and be annotated with my wishes for the disposition of each online asset.
Should I die before completing the spreadsheet, at least there is my current disorganized list to work with and will require no one’s permission or legal authority to carry out my instructions.
I urge others to spare their heirs from frustration in a similar manner.
HIPPAA is prime example of what is wrong. HIPPAA should be amended so people can OPT a family member out and not in, as it is today.
Thus I would like to see legislation that states thet a deceased digital record and passwords are made available immediate family, unless that person specifically opted out any family member. Total access should be granted.
We need to fix the HIPPAA regs in my opinion and get the digital access right going forward.
Your poll should have included, “None of the above.” Louis Rukeyser’s advice applies: “Don’t just do something, stand there.” In other words, let individual cases and the common law work it out, without presuming to divine a one-size-fits-all solution.
So we’re supposed to believe that the biggest intruders into personal privacy in human history are now its biggest defenders? LOL. The tech companies aren’t arguing no one should have access to a decedent’s data. They’re just arguing that *they* should be the only ones who have it. Because believe me, they aren’t going to delete any information about the decedent they find monetarily useful.
Life is now conducted online, full stop. We have no choice in the matter. Health care and health insurance, investments and finance, personal correspondence, etc. A personal representative (that was an idiotic change in nomenclature, btw; it produced only confusion) or an executor needs access to ALL this information to do their job.
How else are executors going to know of outstanding estate liabilities if they can’t get demand emails? How does an executor even know who the decedent did business with? How does an executor know if an advice of a direct deposit has been issued, or if a small business person has an unpaid invoice that’s been disputed? What about the decedents’ fully paid-for music or movie collections? I’m sure the tech companies would LOVE for access to those to be lost.
What about decades of family photos? What happens when all the photos of your own childhood are retained by bureaucratic punks at Facebook and denied to you and your family?
What about online finance sites? Many people manage their money through programs like MINT. Many freelancers do all of their billing through SAAS sites like Freshbooks. In fact, as more and more services are provided through a SAAS model, won’t an executor’s job become impossible without online access?
The answer isn’t meta data. Can you imagine how many YEARS it will take to probate even the simplest estate when courts have to spend their time saying, hmmm, yes, you can access that account statement, mmmm, no, I don’t think that text from Brandie is something you need to see. Such a requirement would essentially end probate.
Face facts. When you die, your executor and some of your heirs are going to see your porn collection. They’re going to find your dildos. They’re going to find out you’ve been wearing lifts to look taller or Depends to control seepage or false teeth. They’ll probably find out who you banged on the side, and maybe what your fetishes were. I’m not talking about what they’ll find with electronic access. I’m talking about what families find right now, every day, when a loved one dies. Thankfully most are mature enough to move on and leave people their dignity. That’s just what they have to do with electronic information as well.
I feel strongly about transparency – my own actions included. If I forgot to give specific instructions to the contrary, I would like the person to whom I entrusted execution of my will to act as if s/he were standing in my shoes.
Over the course of my life I have done many things which I am not particularly proud of, but if I forgot to conceal them they should be accessible to my heirs.
The distinction between a posthumous exploration of my thoughts and deeds is quite different from my equally-strongly held beliefs in privacy of my thoughts during my lifetime. Subject for another survey for you? 😉
Executor should get access and should chose what heirs get to access.
I am in total agreement with this sentiment. Executors should get access; they can decide what is shared. T
Great input on how we need to include in our estate planning all our digital assets, which become more and more important as technology advances. Hadn’t really thought of this before, so thank you for making us aware of how important this is.
Most of my billing is now done online so I would allow access to be able to pay off and close those accounts.
For my executor to do their job, they will need to have access to my email. That is how I get bills, pay bills, access online banking, credit cards, communicate with many other service providers, etc. I have a zillion passwords. I try to make them different. Most executors will need to reset those passwords. The only way to do that is through my email account. Giving access to metadata only will not solve this problem. If my executor doesn’t have access to my email it becomes an enormous task to, bit by bit, gain control over my various accounts. It is extremely important that the executor “stand fully in my shoes” in terms of access to email. (Not so much in terms of access to IM or other things that no one will have heard of in 10 years.)
Someone who goes to the effort of barring executor access to their email will hopefully also go the effort of giving their executor alternate paths to discharge their responsibility.
The industry phrasing of the access survey question is extremely loaded.
It is possible that giving access to past envelope information AND access to new emails that come in could solve the access and password reset problems. But it also seems very complex. Perhaps these should be available options for those who don’t want the executor have full access; but it seems overwhelming sensible that the default should simply do what common law suggests.
I suppose I would elect to provide my executor access to financial sites, providing the necessary passwords. But that is far different in my opinion from providing access to my Yahoo! or Google, or Facebook or Twitter accounts. I would not agree to such access for anyone.
Good discussion I favor allowing access
There need to be safeguards to prevent Spoofing of Death that would lead to deletion of an account holder’s data.
My neighbor’s husband died. Their last name was the domain name. He forgot to give her the password to his email account. The domain renewal email went unnoticed, the domain was canceled, and her email failed. She thought it was a Comcast problem. It caused misery, at a time of grieving. My sister in law almost forgot to get the ATM password, before my brother died. Older people need help and recourse.
This is a bigger issue than just when a person dies. It also applies to situations (think Alzheimer’s) there someone has to rely on a personal representative or some other form of power of attorney. Please make the legislation be general enough to handle all these cases of a person unable to interact with their digital assets.
My thoughts on the general issue- if you have privacy needs that exceed the needs of a duly designated personal representative, it is incumbent on you, while you are still able, to enforce your needs.
It seems to me that electronic records should be treated just like paper ones. That is, that heirs have access just as if you had left them in a drawer or in the attic. If there are things that you don’t want others to see after you are gone, do the same thing that you might have done if they were one paper–destroy them.
A few hours after my sister died, I began encountering the hassles of wrapping up her affairs. No passwords or PIN codes were left for me, and the intense interactions surrounding her death essentially pushed that issue out of reach in the final days. Who just left a message on the answering machine? What recent email communications need to be handled? Who needs to be notified? Probably no amount of advice to her to set up access rights in advance would have made a difference. I bet this happens often. It is unfair / unwise to add to the burden of those of us still living and tasked with sorting out a decedent’s affairs. In my opinion, unless explicit instructions are given to deny access to the digital materials we are talking about, the executor and immediate family should by default be given access.
I’ve acted as an executor, too. I’m pretty tired of people holding forth all sorts of opinions on this issue when they’ve never even dealt with it before themselves and probably never even heard of or thought of the problem until someone asked them about tit.
The only things that remains private these days are our thoughts, especially the ones not written down. Certain relationships communicated in private between two people, may be expressed in writing, because of the physical distance between them, should remain as ‘thoughts’, as is they were never written down. This extreme form of privacy should remain private even after death. The digital assets may contain both, privacy and physical hereditary assets. The segregation between the hereditary assets and the extreme privacy assets should be some how done. A deceased person’s thoughts are not inherited, even if some were written. Divulging all private communications may have legal implications for the people still living. It’s like that the deceased is denied invoking the Fifth Amendment after death, even if he cannot be called to testify.
If it is in writing then it is no longer a mere thought, it is now a material thing — which is the entire point. If someone doesn’t want others to see their material things, they can dispose of them just as they do in the world of paper. Just hit DELETE.
Most of the arguments for keeping emails private are word salad. Assemble some random vaguely related ideas, put in comment and toss.
Why should _e_mail be any different than mail?
Depending on how I choose to receive my email the files could be on my computer – or not.
Some people are able to set up their own mail server. The vast majority are not. Think of the server as the mailbox on a post at the curb, or attached to your house. Realistically though the vast majority aren’t going to run their own email server.
Regardless, the mail/email arrives in their inbox/mailbox. If the recipient dies, then what? Regular mail is readable by anyone who has access to it. Again, why should email be different?
If the original recipient doesn’t want his mail/email read, he can dispose of it. He can shred it or burn it, or delete it; before anyone else can read it. Mail that arrives after he is dead? That’s obviously beyond the deceased’s control, whether it’s mail or email.
It would (or should) be quite easy for email providers like google/gmail, yahoo, apple, hotmail, etc., to provide users a way to designate who can fetch their mail in the event they die or otherwise become incapacitated. Ot to someone with Power of Attorney.
Again, if someone doesn’t want their mail or email read after they die, they should dispose of it. I don’t see why email should be any different than mail
That is a very good idea of adding your computer access to your worldly assets. That way, no one’s nose is out of whack!
Thank you for the Resources links. They were very helpful!
I think you are on the right track in the summary Will … there should be ‘appropriate elections in settings for () digital accounts’. Phil