Please ensure Javascript is enabled for purposes of website accessibility
Home / News / Social Media Law: Uniform Act provides fiduciaries access to digital records

Social Media Law: Uniform Act provides fiduciaries access to digital records

Scott Malouf

Scott Malouf

It is trite to observe we live and work digitally. Everything from case-winning insights, financial records, agreements and contact information, to family photos and letters is, or becomes, digital, much of it stored online, with a surprising amount maintained by third parties.

But when you truly step away from the keyboard, what happens to that digital life? Unsurprisingly, Google has considered the issue. Its help center offers the following from a post entitled “Accessing a deceased person’s mail:”

We extend our condolences for your loss. If you need access to the Gmail account content of an individual who has passed away, in rare cases we may be able to provide the contents of the Gmail account to an authorized representative of the deceased person. (Italics in original) [i]

Twitter is more emphatic:

Please note: We are unable to provide account access to anyone regardless of his or her relationship to the deceased. [ii]

In short, tough luck, no access. Yet, account access may be vital to wrap up affairs and accounts may even contain or be valuable assets. A new model law helps fiduciaries access digital records, including online accounts.

The Uniform Fiduciary Access to Digital Assets Act (UFADAA or the “Act”) [iii], allows a fiduciary full access to online accounts and other digital records. The Act addresses four types of fiduciaries: personal representatives of decedents’ estates, conservators for protected persons, agents acting pursuant to a power of attorney, and trustees. The Act presumes account access for fiduciaries, unless the account holder made a conspicuous, knowing choice to deny fiduciary access. Non-compliant terms of service and choice of law provisions are void.

To address the requirements of federal privacy statutes, the Act differentiates between “digital assets” (generally, electronic records) and “content of an electronic communication” (very generally, the non-public substance of a communication, stored by a communications service provider). Fiduciaries are granted access to content if its disclosure is permitted by applicable federal laws, while access to digital assets is dictated by the Act itself. UFADAA was enacted in Delaware and is under review in 19 other states.

I interviewed the chair of the UFADAA drafting committee, Suzanne Brown Walsh [iv] to learn more about the Act and the challenges electronic records present for attorneys.

Rationale for the Act

Why is the Act needed? The simplest answer is that there has been litigation because fiduciaries have been, and are being, denied access to online accounts. It is very clear that there are problems, and that is what the statute tries to resolve.

If attorneys are making provisions in planning for digital assets, why is the Act needed? It is needed because the federal statutes that govern the release of digital information and communications don’t mention fiduciaries. So even if the planners adequately cover the topic in their documents, at some point you need to present your authority to the custodian of the assets or communications. And because the federal statutes authorize relief in some cases, we need to link the state probate laws to the federal privacy laws. And that is one of the things that UFADAA is trying to do – establish that state link. If we do that, I think the fiduciaries are authorized users under those federal privacy laws.

Does the Act change who owns an account? We don’t deal with devolution of the asset itself. The Act covers access, not changing the underlying rules that apply to property.

So, you are not expanding rights, the Act only concerns access, putting the fiduciary in the same position as the account holder? That’s right. The uniform Act is only as good as the number of enactments. The Act does not give fiduciaries greater rights to digital assets than the account holder enjoyed. The drafting committee felt that would be inappropriate. Further, it is unlikely that the content provider or someone who relies upon the protection of copyright law would accept our Act if it completely voided all their relationships and business.

Several states have statutes granting some form of fiduciary access. You suggest the Act makes providing fiduciary access “clearer” than existing state statutes because it provides the same rules for everyone in the country and generates a useful body of cases, correct? Exactly. UFADAA is more comprehensive than all the existing laws, except for Delaware, which is as comprehensive. It tries to be uniform, as the name implies. The idea is if you have almost identical or uniform acts in every state, that it is much fairer to all the providers who do business in every state, it is better for fiduciaries who might be representing parties that have assets in multiple states and it won’t matter where the person or custodian happens to be located.

How the Act Works

How does the Act work in a basic case of a person dying with a will leaving all property to a spouse? Subject to a proper waiver in a terms of service agreement, and unless a court has otherwise provided, or the account holder has otherwise provided, then, by default, the person’s representative will be given the right to access the content of the electronic communications, the custodian will be allowed to disclose them, and the personal representative will be allowed to access all other digital assets.

The other language worth noting is that we separate digital assets and the electronic communications content that is subject to the privacy laws. So there is language that says that “by default” the personal rep will get everything, including content, as long as disclosure of content is permitted under the federal law. That is something that the [communications service] providers negotiated to give them the comfort that, if under federal law, they were not allowed to disclose the communication, then under those circumstances, they wouldn’t have to.

The Act provides for an “affirmative designation” that a user wishes to override the Act’s default access for fiduciaries. Can you explain that a bit? The idea is that you need the Act’s authority and access to be available by default because so many people have not planned, but you want to empower people to say “I don’t want anybody to have access.”

Is the affirmative designation separate from the standard TOS of the online account or can it be part of the TOS? Our thought was it could be either. You could say in the TOS “no fiduciary access” and as long as it is a separate designation and it is not on page 33 of the TOS [it is acceptable. But,] you can’t waive access just in the TOS by saying “I accept”. If [the service providers] do a pop-up or something separate where you clearly understand what you are doing, then our thought was that would bar fiduciary access. So, it could be either.

Bottom line, it must be noticeable. It can’t just be something you click through? Yeah. The tough part for planners will be asking the client “What did you chose when you opened the account?” Eventually, I’m guessing, custodians will start offering this as an option, so then we can ask the client, “Which option did you choose?”

What about a situation where the individual’s planning documents grant fiduciary access and the “affirmative act” denies access? Which would control, or do you have to look at the relative dates? The short answer is that we have to determine intent. We did not draft a separate article that says what governs in such a situation, as you do sometimes in a statute. I think as this plays out, it is possible that this or another law will have to address that.

The Act provides immunity to providers for granting access. Why not also have the fiduciary indemnify the providers, as some state statutes do? The sense of the drafting committee was that was unnecessary. I, maybe alone, was particularly concerned with the notion of indemnity. I’m not sure I trust the providers not to unnecessarily litigate and run up legal fees and then try to collect damages from the fiduciary. So I felt that blanket immunity was sufficient and indemnity would be concerning. The providers obviously disagree. They think immunity is not helpful to them and indemnity is effective.

What is the top takeaway for legislators thinking about this issue and considering whether to propose legislation? I think the most important thing the Act does is put the client in the driver’s seat. The client can now, without question, clearly instruct their fiduciary on what to do. So it preserves the privacy the client wants, it preserves the access the client wants. And I think without the Act, all of that control is entrusted to the custodian and I don’t think that is where we want it. We want to wrest control away from the custodian and make the customers the keepers of their privacy, which is what we are trying to do. I think that is a popular idea with constituents.

Attorney Walsh shared several tips for helping clients with digital accounts and assets. I will cover those next month.


[i] Retrieved on October 18, 2014 from See the post for additional requirements to access a deceased user’s account.

[ii] Retrieved on October 18, 2014 from See the post for additional information on treatment of the account of a deceased Twitter user.



Scott Malouf is an attorney who helps other attorneys use social media, text and Web-based evidence. You can learn more about him at his website ( and follow him on Twitter at @ScottMalouf.