Identity Theft: Will your Online Presence Put your Estate at Risk?
My colleague, Natalia Angelini, recently blogged on the unexpected death of QuadrigaCX’s founder, Gerald Cotton. Mr. Cotton was the only person who held the password to access the holdings of the company’s clients.
The QuadrigaCX case has brought the issue of digital assets and passwords within estate planning to the global stage. While this case is an extreme, most testators, if not all, will have some form of online presence requiring the use of passwords when they die.
Natalia discusses the case as a reminder that in the era of growing digital assets, we need to think about how to ensure the gifting of such assets can be effected, as well as ensuring that estate trustees know how to access such assets. I would like to examine the topic of the digital era and passwords in relation to fraud and identity theft involving estates.
Identity Theft of the Dead
Back in September, 2018, I attended the Law Society’s continuing professional development program called “Practice Gems: Probate Essentials 2018”. While there, a paper written by Craig Ross and Kyle Kuczynski of Pallett Valo LLP entitled “Protecting Estates From Identity Theft” was presented.
The paper examines the increase in identity theft of estates and sets out helpful tips on what steps can be taken by testators and estate trustees alike to protect the privacy and identity of the estate.
The paper discusses concerns regarding the vast online presence a testator may have, the full extent of which will likely be unknown to the intended estate trustee. Personally, I think of how this could easily include not only social media accounts such as Facebook, Instagram and LinkedIn, it would also include the many other applications I use in a day, including but not limited to music streaming apps, fitness apps, online banking apps, video streaming apps and transportation apps such as Uber. All of the various social media platforms and applications we utilize store important information including names, dates of birth, phone numbers, emails, credit card numbers, and in some instances the names of family members.
Tips to Protect your Estate
As the paper points out, this information “sits dormant and vulnerable after death”. Below, I summarize some of the main tips the paper discusses in relation to a testator’s online presence, and how best to protect against fraud and/or identity theft:
- The testator should keep and safely store a master list of accounts, subscriptions and services;
- The testator should keep a record of all websites that store or publish personal information. The Testator should also attempt to minimize the personal data that may be published online, such as birth dates, or city of residence;
- The testator should keep a list of login information and passwords for websites and services regularly used by the testator that retain or publish personal information. The list should be maintained in a secure manner;
- The estate trustee should cancel all memberships and known subscriptions of the deceased;
- The estate trustee should advise all financial institutions and credit agencies of death as soon as possible;
- The estate trustee should redirect mail as soon as possible;
- If account logins and passwords are available, social media accounts and other websites should be deleted. If no logins and passwords are available, the estate trustee should contact the website or account providers in question and request that the account be frozen or deleted; and
- Online service providers should also be notified of the death and instructed to freeze accounts.
In addition to providing these helpful tips, the paper discusses the difficulties an estate trustee may have in actually effecting the deleting and freezing of certain social media accounts and/or websites depending on the user agreement between the testator and the platform or website. They provide the example of Facebook which includes a term within its user agreement that prohibits the sharing of passwords and login information without its permission.
Further, Facebook’s default policy is to memorialize a user’s account upon their death, rather than delete it, and while they may delete it upon request, they are under no obligation to do so.
Out of curiosity, I conducted a quick search on Instagram to learn more about their policies regarding the death of user and it also appears that the app will memorialize, rather than delete the account of a deceased user. Instagram also has a policy against the sharing of login and password information.
In light of the ever evolving digital era we find ourselves in, it is prudent to give consideration to what will happen to our expansive online presences after we die, and to take what steps we can now to protect our assets and identities.
Thanks for reading!
Please feel free to check out the below blog which discusses protecting against identity theft after death more generally: