Print Page   |   Contact Us   |   Sign In
News & Press: Montana Lawyer

Revised Uniform Fiduciary Access to Digital Assets Act and its impact on estate planning

Wednesday, November 1, 2017   (0 Comments)
Share |
By E. Edwin Eck

Introduction.  The Revised Uniform Fiduciary Access to Digital Assets Act (hereinafter the “Act” or “RUFADAA”), adopted by the 2017 Montana Legislature, significantly impacts the drafting of wills, trusts, and powers of attorneys as well as the representation of parties in protective proceedings.[1]  Enabling attorneys to assist their clients in planning for the management and disposition of their digital assets, the Act specifically addresses concerns raised by fiduciaries (i.e., personal representatives trustees, conservators, and agents acting under powers of attorney) regarding the difficulty, if not impossibility, of accessing documents, music, and photographs stored in the cloud, as well as social media accounts and emails.  The Act permits fiduciaries to access digital assets, including the content of electronic communications, under certain circumstances.  The Act also assures the companies holding those assets, called “custodians,” that they can allow that access without liability if they act in accordance with the provisions of the Act.   

Federal Law and Privacy Considerations.  Concerned with protecting an individual’s right to privacy, Congress has enacted two important pieces of relevant legislation.  In 1986, Congress enacted the Stored Communications Act[2] as part of the Electronic Communications Privacy Act.  The Stored Communications Act creates privacy rights protecting the content of a computer user’s (the “user’s”) electronic communications.  Generally, the Stored Communications Act prohibits custodians from voluntarily disclosing the content of electronic communications to the government or to any person or entity.  One of the exceptions to this prohibition is a disclosure pursuant to a user’s “lawful consent.”  

In addition, Congress provided further privacy protection by enacting the Computer Fraud and Abuse Act[3]  which criminalizes the unauthorized access of computer hardware and the data stored on the hardware.  A user may authorize access by a third party.  However, a question arises with respect to fiduciaries, i.e., whether the appointment of a fiduciary constitutes the requisite authorization?            

The Act: Privacy Concerns and the Differing Treatment for Electronic Communications and Other Digital Assets.  Reflecting the privacy concerns that underlie the above federal legislation, RUFADAA treats the content of “electronic communications” differently from other digital assets.[4]  Electronic communications include the subject line and content of email messages, text messages, instant messages, social media posts that are sent to a select group of people (as opposed to the general public), and other electronic communication between private parties. 

Electronic communications are a subset of digital assets.  In addition to electronic communications, digital assets include document and photograph files, contact lists, web domains, virtual currencies (e.g. Bitcoins), and online accounts with companies like Netflix or Amazon. 

In general terms, the default provision of the Act is that fiduciaries do not have access to the content of electronic communications, unless the user consented or a court orders that the fiduciary have access.  As to other digital assets, the default provision of the Act is that fiduciaries do have access, unless prohibited by a court or the user.   

Although the mere appointment of a fiduciary does not give that fiduciary access to the content of electronic communications, the fiduciary may have access to a “catalogue” of the user’s communications.  That catalogue identifies each person with whom a user has had an electronic communication, the time and date of the communication, and the electronic address of the person.[5]  Access to this catalogue of a user’s communication can prove helpful.  For example, by reviewing the catalogue of a decedent’s emails, a personal representative might note monthly communications from a bank.  This, in turn, would alert the personal representative to the possibility the decedent maintained an account at that bank.

User Consent.  The Act permits custodians to provide “online tools,” i.e., agreements distinct from the terms-of-service agreement.[6]  An online tool permits users to consent to the disclosure of digital assets, including the content of electronic communications.[7]  Those user directions are legally enforceable.[8]

If the custodian does not provide an online tool, or if the user does not use the online tool provided, the user may give legally enforceable directions for the disclosure of digital assets, including the content of electronic communications, in a will, trust, power of attorney, or other written record.  If, however, those directions are inconsistent with directions given in the online tool, the directions in the online tool govern.[9]

Similarly a user may prohibit access using an online tool if available, or if no online tool is provided or utilized, a user may prohibit access using the same traditional estate planning documents (will, trust, or power of attorney).   

Planning for Access to Electronic Communications.  As a practical matter, a user desiring his fiduciary to have access to the content of the user’s electronic communications should include express authorization in the user’s will, trust, or power of attorney.  Although as noted, the user can also provide access through an online tool, the online tool typically permits access to only one designated individual.  Contrast that with well-drafted wills, trusts, and powers of attorney, which typically include designations of contingent and successor personal representatives, trustees, and agents. 

Another reason for a user to prefer fiduciary authorization in a traditional estate planning document is to overcome a potential provision in a terms-of-service agreement purporting to restrict fiduciary access to digital assets.   Mont. Code Ann. § 72-31-404(3) permits a terms-of-service agreement to restrict a fiduciary’s access to digital assets.  Although a user could overcome such potential restrictions by utilizing either an online tool or a traditional estate planning document, it is unlikely that a custodian would include restrictions in its terms-of-service agreement and also provide an online tool to overcome those same restrictions.  Thus, a traditional estate planning document should authorize fiduciary access to all digital assets (electronic communications and other digital assets).    

If an attorney’s client decides to authorize fiduciary access in the client’s estate planning documents, the client should be cautioned to review his digital account settings, including his possible prior use of an online tool.  As noted above, those settings (perhaps made unwittingly years ago) if reflected in an online tool, will prevail over contrary directions in a conventional estate planning document.  

 

Wills.  A client may authorize his personal representative to have access to all of his digital assets, including the content of electronic communications.  If so, the client’s will might include a provision such as the following:

 

The party serving as personal representative of my estate, including any contingent or successor serving as personal representative:

(a)    may access, modify, delete, manage, and transfer my digital assets, including the content of electronic communications sent to me or received by me; 

(b)   may access, use, and manage my digital devices, including smartphones, tablets, laptops, desktops, related storage devices, and any similar digital device, including those devices that may be developed in the future; and

(c)    may access, control, modify, and delete my passwords and other electronic credentials associated with my digital assets and my digital devices.     

I intend that my personal representative have the same authority, power, and access to my digital assets (including the content of electronic communications) and digital devices as I had during my lifetime.  Thus, this authority granted to my personal representative shall be construed to be my lawful consent under:

(1)    the Computer Fraud and Abuse Act of 1986, as amended;

(2)    the Electronic Communications Privacy Act of 1986, as amended; and

(3)    any other applicable federal or state data privacy law or criminal law. 

Critical to any provision authorizing access are express references to the content of electronic communications, the Computer Fraud and Abuse Act of 1986, the Electronic Communications Privacy Act of 1986, amendments to those acts, and other applicable federal or state privacy law or criminal law.

However, if a client indicates his intent that all of his digital assets be erased, his will might include a provision such as the following:  

I direct that all of my digital assets be deleted.

Conceivably a client may want some digital assets disclosed and other digital assets deleted.  Again, that wish could be accomplished by direction in the will or other document, so long as the direction is not inconsistent with any direction provided in an online tool.[10] 

Trusts.  The Act provides similar rules for trusts.[11]  If the original user of a digital asset is also the trustee, the custodian must disclose all digital assets, including the content of electronic communications requested by the trustee.[12]  For example, if the trustee of a self-settled, revocable trust transfers his email account to the trust, the custodian must disclose the contents of that email account upon the request of that trustee.   

If, however, the trustee is not the original user, the custodian must disclose digital assets other than the content of electronic communications and provide a catalogue of electronic communications, unless otherwise directed by the user or ordered by the court.[13]  However, if the trust instrument includes a provision indicating the original user’s consent to the disclosure of the content of electronic communications, the custodian must comply with a trustee’s request.[14]   Such a trust provision might be fashioned after the sample language for wills provided above.  

Powers of Attorney.  Under the Act, custodians must disclose digital assets other than the content of electronic communications to an agent acting under a power of attorney, unless otherwise directed by the user or ordered by the court.  Additionally, custodians must provide a catalogue of the user’s electronic communications.[15]  If, however, the power of attorney expressly grants the agent authority over the content of the principal’s electronic communications, the custodian must comply with the agent’s request.[16]   Again, such an express authorization might be fashioned after the sample language for wills provided above.  As noted in the comments under RUFADAA as promulgated by the Uniform Law Commission,

There should be no question than an explicit delegation of authority in a power of attorney constitutes authorization from the user to access digital assets and provides “lawful consent” to allow disclosures of the content of an electronic communication from an electronic-communication service or a remote-computing service pursuant to applicable law.[17]   

Conservators for Protected Persons.  The Act treats conservators differently than other fiduciaries.  Because a protected person may retain some right to privacy in his personal communications, the mere appointment of a conservator does not permit a conservator to directly access digital assets.  Access can be obtained only by a court order after an opportunity for a hearing.[18]   If the court grants access, custodians must disclose the protected person’s digital assets other than the content of electronic communications.[19]  Additionally, courts may expressly order a custodian to disclose the content of electronic communications. 

Furthermore, Mont. Code Ann. § 72-31-413(3) permits a conservator with plenary authority to ask the custodian to suspend or terminate the protected person’s account for good cause.  This allows a conservator concerned about a protected person’s online behavior, to request suspension or termination of a social media account.  Nothing in Mont. Code Ann. § 72-31-413, however, permits the conservator to monitor the account.  As a practical matter, the conservator, to persuade the protected person to permit monitoring of the account, may threaten a termination or suspension request.    

Fiduciary’s Request for Digital Assets.  When requesting access to digital assets, fiduciaries must submit specified documents to the custodian.  Those documents vary slightly depending on whether the fiduciary is the personal representative of the user’s estate,[20] an agent under a power of attorney,[21] a trustee,[22] or a conservator.[23]   

The custodian may request the fiduciary to provide a number, username, address or other unique subscriber or account identifier assigned by the custodian to identify the user’s account and evidence linking the account to the user.[24]  In the case of an estate, the custodian may request the personal representative provide a court order finding that the user had a specific, identifiable account with the custodian.[25] 

To minimize the likelihood that custodians will request court orders, I recommend that a client who wishes to consent to fiduciary access, sign a separate document authorizing fiduciary access and identifying the client’s important accounts.  That authorization should link those important accounts to the client user by providing the client’s usernames, numbers, addresses, and other unique subscriber and account identifiers, but not their passwords.  The document should authorize the client’s fiduciaries to access the content of electronic communications, as well as other digital assets.  The authorization could be fashioned after the sample language for wills provided above.  Also, the authorization should be acknowledged by a Notary Public.  This authorization would supplement the express consent provisions in wills, powers of attorneys, and trusts.

I cannot predict the future conduct of custodians under this new Act.  Perhaps the authorization described in the preceding paragraph will prove unnecessary.  However, until custodians have demonstrated a pattern of respecting user’s consent to fiduciary access, I think the preparation of such an additional document is prudent. 

Other Aspects of the Act.  The custodian need not disclose digital assets deleted by the user.  The custodian may assess a reasonable administrative charge.[26]  If, within 60 days of receiving the fiduciary’s request, the custodian fails to comply with the request, the fiduciary may seek a court order directing compliance.  A custodian is immune from liability for any act or omission done in good faith compliance with the Act.[27]   

The Act does not apply to an employer’s digital assets used by an employee in the ordinary course of the employer’s business.[28]  Thus, the Act does not apply to an employer’s internal email system. 

Disposition of Digital Assets.  The Act does not address the transfer of ownership of digital assets in a will or trust.  Terms-of-service agreements must be reviewed to determine a client’s ability to devise such assets or provide for their distribution under the terms of a trust.   

Uniformity.  Thirty-six states have enacted the Revised Uniform Fiduciary Access to Digital Assets Act.  Also as of the date of this article, the Act has been introduced in the legislatures of eight other jurisdictions this year.  One set of rules should benefit both users and custodians who have multistate digital interests.           

Conclusion.  The Act removes many obstacles to a fiduciary’s access to digital assets.[29]  Given the prevalence of digital assets, Montana attorneys can expect to be called upon to draft wills, trusts, and powers of attorney consistent with their client’s intentions regarding access to digital assets and privacy rights.  If their clients wish their fiduciaries to have access to the content of their electronic communications, express provisions should be included in clients’ wills, trusts and powers of attorney.  Separate documents identifying important accounts and linking those accounts to the user should also be prepared.  Further, care should be taken to examine any online tool a client may have utilized.     



[1]Mont. Code Ann. § 72-31-401 et seq.  Senator Mary McNally was the primary sponsor of S.B. 118, the Revised Uniform Fiduciary Access to Digital Assets Act (2015).  Senator Nels Swandal and Representative Jeff Essmann co-sponsored the bill.

[2] 18 U.S.C. § 2701 et seq.

[3] 18 U.S.C. § 1030.

[4] Compare Mont. Code Ann. § 72-31-406 with Mont. Code Ann. § 72-31-407 concerning deceased users, Mont. Code Ann. § 72-31-408 with Mont. Code Ann. § 72-31-409 concerning powers of attorney, and Mont. Code Ann. § 72-31-411 with Mont. Code Ann. § 72-31-412 concerning trusts.

[5] See Mont. Code Ann. § 72-31-402(4). 

[6] Terms-of-service agreements, also known as “terms of use” agreements, are drafted by custodians and set forth the rules by which a user must agree in order to use the internet service.  Sometimes these agreements are in the form of a disclaimer.  As noted by the Uniform Law Commission in its comment to the definition found in section 2 of the Act, “It refers to any agreement that controls the relationship between a user and a custodian, even though it might be called a terms-of-use agreement, a click-wrap agreement, a click-through license, or a similar term.”  http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital%20Assets/2015_RUFADAA_Final%20Act_2016mar8.pdf.

[7] See Mont. Code Ann. § 72-31-402(16). 

[8] For example, Facebook provides an online tool.  By clicking through “settings,” “security,” and then “legacy contact,” a user can “choose a friend” to have access to the user’s account.  Alternatively, the user can request that his account be deleted.  Google provides users a similar choice.   One must click through “my account,” “personal inform & privacy” – “assign an account trustee,” “inactive account manager,” and “add trusted contact.”  Or one can “optionally delete account.”   

[9] Mont. Code Ann. § 72-31-403. 

[10] Mont. Code Ann. § 72-31-406(4). 

[11] See Mont. Code Ann. §§ 72-31-410, 72-31-411, and 72-31-412. 

[12] Mont. Code Ann. § 72-31-410. 

[13] Mont. Code Ann. § 72-31-412. 

[14] Mont. Code Ann. § 72-31-411. 

[15] Mont. Code Ann. § 72-31-409. 

[16] Mont. Code Ann. § 72-31-408. 

[18] Mont. Code Ann. § 72-31-413(1). 

[19] Mont. Code Ann. § 72-31-413(2). 

[20] Mont. Code Ann. §§ 72-31-406 and 72-31-407.

[21] Mont. Code Ann. §§ 72-31-408 and 72-31-409.

[22] Mont. Code Ann. §§ 72-31-411 and 72-31-412.

[23] Mont. Code Ann. § 72-31-413.

[24] See Mont. Code Ann. §§ 72-31-406(5), 72-31-407(4), 72-31-408(4), 72-31-409(4), 72-31-411(4), 72-31-412(4) and 72-31-413(2)(c).  

[25] Mont. Code Ann. § 72-31-406(5)(c).  

[26] Mont. Code Ann. § 72-31-405 fully describes other procedural aspects for the custodian’s disclosure of digital assets. 

[27] Mont. Code Ann. § 72-31-415.

[28] See § 20(3) of S.B. 118.  That section is not codified in Title 72, Chapter 31 Mont. Code Ann. 

[29] As we all know, personal representatives have long been able to manage and distribute a decedent’s writings stored in filing cabinets and photographs found in albums.  Now these personal representatives may be able to manage and distribute documents and photos stored in the cloud.