Background:

The Revised Uniform Fiduciary Access to Digital Assets Act (UFADAA) is a uniform law adopted by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 2015. The UFADDA addresses the ability of fiduciaries and other designated persons to access an individual's digital assets according to specific direction from the individual or through default rules for access. The NCCUSL developed the UFADAA due to the increase in the number of digital assets held by individuals and the lack of clear laws addressing a fiduciary's ability to access these records in order to manage the property and affairs of the person according to the fiduciaries' obligations.

According to the NCCUSL, the purpose of the UFADAA is to give fiduciaries the legal authority to manage digital assets in the same way that they manage tangible assets and financial accounts, and to provide custodians of digital assets the legal authority to deal with fiduciaries while respecting the privacy rights of persons who own or have an interest in the digital assets.

A fiduciary is a person with the legal authority to manage another person's property or affairs and a duty to act in that person's best interest. Fiduciaries include the personal representative of a decedent, an agent under a power of attorney, a trustee of a trust, and a guardian of an incapacitated person. Fiduciaries often need access to digital assets on the owner's behalf to manage the property and affairs of a person who dies or becomes incapacitated, or who transfers property to a trust or executes a power of attorney.

Digital assets are electronic records in which a person has a right or interest, such as electronic mail and social media accounts, blogs, photo and video sharing sites, and online file storage accounts. Many digital assets are governed by the terms-of-service agreements or privacy policies of online service providers that may restrict or prohibit fiduciaries from accessing and managing a person's digital assets. In addition, the federal Electronic Communications Privacy Act generally prohibits the disclosure of the content of electronic communications without consent, and establishes limitations on the disclosure of other electronic information. Washington laws governing personal representatives, agents, trustees, and guardians do not address the issue of the authority of these fiduciaries to access digital assets.

Summary of Bill:

The Revised Uniform Fiduciary Access to Digital Assets Act (Act) is enacted to provide specified fiduciaries with the authority to access and manage the digital assets of a person. The Act applies to four types of fiduciaries: personal representatives, trustees, agents under powers of attorney, and guardians. The Act does not apply to a digital asset of an employer used by an employee in the ordinary course of the employer's business.

Under the Act, a "custodian" is a person that carries, maintains, processes, receives, or stores a digital asset of a "user," who is a person that has an account with a custodian under a terms-of-service agreement. "Digital asset" means an electronic record in which an individual has a right or interest, but does not include an underlying asset or liability unless the asset or liability is itself an electronic record.

The Act addresses the authority of fiduciaries to access and manage digital assets, including the content of electronic communications, a catalogue of electronic communications, and other digital assets. "Catalogue of electronic communications" means information that identifies each person with which a user has had an electronic communication, the time and date of the communication, and the electronic address of the person. "Content of an electronic communication" means information concerning the substance or meaning of a communication is not readily accessible to the public, and that has been sent or received by a user and is in electronic storage, or carried or maintained, by a custodian.

Direction by User.

A user may provide direction regarding disclosure of the user's digital assets to a designated recipient or fiduciary through on online tool, or in a will, trust, power of attorney, or other record. An "online tool" is an electronic option provided by the custodian that allows the user, in an agreement distinct from the terms-of-service agreement, to provide directions for disclosure or nondisclosure of digital assets to a third person.

A direction regarding disclosure through an online tool overrides a contrary direction in a will, trust, power of attorney, or other record if the online tool allows the user to modify or delete the direction at all times. A user's specific direction overrides a contrary provision in a terms-of-service agreement that does not require an affirmative act distinct from the user's assent to the agreement.

Terms-of-Service Agreements. The Act does not change or impair a right of a custodian or user under a terms-of-service agreement to access and use digital assets of the user, and does not give a fiduciary or a designated recipient any new or expanded rights other than those held by the user.

Custodian Procedures for Disclosure. A custodian has discretion regarding the procedures to be used when disclosing digital assets to a fiduciary or designated recipient. The custodian may grant full access to the user's account, grant partial access sufficient for the fiduciary or designated recipient to perform necessary tasks, or provide a fiduciary or designated recipient with a copy in a record of any digital asset the user could have accessed. A custodian need not disclose any digital asset deleted by the user.

A custodian may charge a reasonable administrative charge for disclosure. A custodian need not disclose digital assets where a request for disclosure of some but not all of the user's digital assets poses an undue burden on the custodian. A custodian or fiduciary may seek a court order regarding a disclosure the custodian believes poses an undue burden.

Disclosure of Digital Assets to Fiduciaries.

Standards for the disclosure of digital assets to specific fiduciaries are established. Different requirements for disclosure apply depending on the type of fiduciary involved. In general, the content of electronic communications may be disclosed to a fiduciary only if the user has provided specific consent in an online tool, or in a will, power of attorney, trust, or other document. A catalogue of electronic communications and any digital assets other than the content of communications may be disclosed to a fiduciary unless otherwise directed by a court or by the user.

A fiduciary's request for disclosure of digital assets must be in writing and accompanied by certified copies of the relevant documents establishing the fiduciary relationship and granting fiduciary authority. The custodian may require the fiduciary to provide a unique identifier assigned by the custodian to identify the user's account or some evidence linking the account to the user.

In the case of a personal representative requesting disclosure of the digital assets of a decedent, the custodian may require the personal representative to also provide court findings that the user had an account with the custodian and that disclosure is necessary for estate administration. If the request is for disclosure of the content of electronic communications, the custodian may also require the personal representative to provide court findings that disclosure of the content would not violate federal law governing privacy of electronic communications and that the user consented to disclosure of the content of electronic communications.

In the case of a trustee who is an original user of an account, the custodian must disclose to the trustee any digital asset of the account held in trust, including the content of electronic communications, unless otherwise ordered by the court or provided in the trust. If the trustee is not an original user, the trustee may obtain access to the content of an electronic communication in the account only if the trust instrument includes consent to disclosure of the content to the trustee. Other digital assets and a catalogue of electronic communications may be disclosed without specific consent in the trust instrument.

Fiduciary Duties and Authority.

The legal duties that apply to a fiduciary charged with managing tangible property apply to the management of digital assets, including the duty of care, the duty of loyalty, and the duty of confidentiality.

A fiduciary's or designated recipient's authority with respect to a digital asset is subject to the applicable terms-of-service agreement and other applicable law, including copyright law, and may not be used to impersonate the user. A fiduciary's authority with respect to digital assets is limited by the scope of the fiduciary's duties.

A fiduciary acting within the scope of the fiduciary's duties is an authorized user of the property for the purpose of applicable computer fraud and unauthorized computer access laws. A fiduciary with authority over the tangible personal property of the decedent, principal, settlor, or incapacitated person has the right to access the property and any digital asset stored in it, and is an authorized user for the purpose of applicable computer fraud and unauthorized computer access laws.

A fiduciary may request termination of a user's account if the request is in writing and accompanied by the death certificate of the user, if deceased, and a certified copy of the document providing the fiduciary's authority. If requested by the custodian, the fiduciary must also provide a unique identifier to identify the account, some evidence linking the account to the incapacitated person, or a court finding that the user had a specific account with the custodian.

Custodian Compliance and Immunity.

A custodian must comply with a request from a fiduciary or designated recipient to disclose digital assets or terminate an account no later than 60 days after receipt of the request. A fiduciary or designated recipient may apply to the court for an order directing compliance with the request, and any such order must contain a finding that compliance is not in violation of federal law governing privacy of electronic communications.

A custodian may deny a request for disclosure or to terminate an account if the custodian knows of any lawful access to the account following receipt of the request. The act does not limit a custodian's ability to require a fiduciary or designated recipient to obtain a court order that specifies that an account belongs to the user and there is sufficient consent from the user to support the requested disclosure.

A custodian and its officers, employees, and agents are immune from liability for an act or omission done in good faith in compliance with the act.