Revised Uniform Fiduciary Access to Digital Assets Act

The Revised Uniform Fiduciary Access to Digital Assets Act (755 ILCS 70) (hereinafter “Act”), that took effect on August 12, 2016, “permits individuals to expressly consent to disclosure by third parties of the individual’s online accounts and grants individuals the right to delegate authority to others to access those online accounts and digital records” (The Docket Vol. 25 No. 9, pp. 18).  Further, the Act dictates how and in what manner authorized fiduciaries are to obtain lawful consent and manage password-protected online accounts.  Concurrently with the revision of this legislation, the Illinois Criminal Code was also updated to reflect the changes.  Authorized fiduciaries will no longer be guilty of computer tampering by accessing digital property, and can legally obtain access to digital assets and electronic communication, so long as the procedures in the Act are followed. 

The Act works in conjunction with the Computer Fraud and Abuse Act (which prohibits the unauthorized access of computers and their contents), the Stored Communications Act (which criminalizes unauthorized access to electronic communications) and the Computer Crime Prevention Act (which makes it a crime to access computer records without permission) to protect the digital assets of decedents and/or disabled persons.   A “digital asset” is defined by the Act as “an electronic record in which an individual has a right or interest…[but] excludes assets or liabilities,” (IBJ Vol. 104 No. 11, pp. 29) such as the actual funds in an online account.  The term can be used to refer to anything that has to do with digital property (e.g. computers, cell phones, tablets, cameras, music players, etc.), as well as any content or communications stored on the device.  It is considered federally criminal if any digital property (physical electronic hardware) is accessed in an unauthorized manner.  Computers, tablets and cell phones used in interstate and foreign commerce are federally “protected computers.”  Custodians of digital assets (online account service providers) are federally prohibited from disclosing any electronic communications to anyone but their originators unless lawful consent is given, or unless the information is publicly accessible.  Any custodian or person who accesses or discloses digital communications without proper lawful consent is “subject to fines, imprisonment, and in some cases, civil liability” (IBJ Vol. 104 No. 11, pp. 29).  

The Act’s main purpose is to give fiduciaries that fall under any of the listed categories below “the legal authority to manage digital assets and electronic communications in the same way as they manage tangible assets and financial accounts” (IBJ Vol. 104 No. 11, pp. 29) with specific lawful consent.  Conversely, it gives to custodians of digital assets and electronic communications the “legal authority to deal with the fiduciaries of their users, while respecting the user’s reasonable expectation of privacy for personal communication” (IBJ Vol. 104 No. 11, pp. 29).  A “fiduciary” may fall under any of the following categories: (1) a personal representative of an estate (executor or administrator); (2) an agent under power of attorney; (3) the trustee of an estate (successor trustees included); or (4) a court appointed guardian of an estate (IBJ Vol. 104 No. 11, pp. 29).  Family and friends of a decedent or disabled person are not considered fiduciaries, and thus not covered in the Act, unless they are named or assume the role of a fiduciary in estate administration documents the same way as a fiduciary does, or unless they are considered “designated recipients.”  

One major exception to the Act is for any digital assets of an employer used by an employee during the usual course of business.  Custodians may disclose without lawful consent any electronic records and the content of electronic communications if they were used by an employee during the usual course of business.  

Many custodians provide online tools for the designation of recipients of digital assets.  For example, Facebook now allows you to designate a “legacy contact.”  A person designated by a user in this manner will take precedence over “any other direction by the user as to that specific account” (IBJ Vol. 104 No. 11, pp. 31). However, most custodians do not provide this tool.  

     When considering whether to give broad authority to access digital accounts to fiduciaries, the client should address privacy considerations.  Broad authority means that the fiduciary could access email and other personal communication.  Some of these communications may not have ever intended by the client to be accessed by anyone but the sender and recipient.  Thus, the client should exercise caution in choosing how broad of authority and to whom that authority should be granted.  Also, it should be ensured that the fiduciary being named is technologically savvy.  It could be difficult for anyone with little technological experience to access the desired accounts, let alone make distributions or complete complex online account management actions.