What are your electronic assets? They might include (1) written, video or sound data stored on your digital device, the cloud or another platform, (2) social media data, (3) financial assets reflected on electronic account statements, cryptocurrency such as bitcoin, and other accounts such as PayPal, (4) business data such as copyrights, trade secrets and employee information, and (5) other accounts such as online gaming, and credit card or airline points. Unless you prepare and maintain lists of electronic assets together with passwords, how can you be certain that people you entrust with your assets will know about your electronic property or how to access it? Those lists, if made, are often outdated or incomplete. Accordingly, many agents under powers of attorney, trustees under trust agreements, personal representatives of estates and conservators of persons (collectively, “Fiduciaries”) struggle to identify, manage and administer electronic assets. The Pennsylvania General Assembly has improved the grasp of Fiduciaries by adopting the Revised Uniform Fiduciary Access to Digital Assets Act (“RUFADAA”) with related provisions under Act 72 of 2020 (the “Act”). The Act balances the needs of Fiduciaries to access and manage digital assets with the duties of custodians of those digital assets (“Custodians”) and the privacy interests of the owners of those assets (“Users”).
RUFADAA was drafted by the National Conference of Commissioners on Uniform State Laws (“NCC”) and approved by the NCC at its annual conference held in July 2015. The NCC says that the purpose of RUFADDA is two-fold. “First, it gives fiduciaries the legal authority to manage digital assets and electronic communications in the same way they manage tangible assets and financial accounts, to the extent possible. Second it gives custodians of digital assets and electronic communications legal authority to deal with the fiduciaries of their users, while respecting the user’s reasonable expectation of privacy for personal communications.” Revised Uniform Fiduciary Access to Digital Assets Act (2015), National Conference of Commissioners of Uniform State Laws, page 1. This balancing of interests can be seen in the language of the Act.
The Act expressly applies in some circumstances but not in others. It applies on and after its effective date (180 days after July 23, 2020) to (1) a fiduciary acting under a will or a power of attorney, (2) a personal representative acting for a decedent who died before, on or after the effective date, (3) a proceeding for the appointment of a guardian of an estate; (4) a trustee acting under a trust created before, on or after the effective date; and (5) a Custodian if the User lives in Pennsylvania or lived in Pennsylvania at the time of his or her death. The Act does “not apply to the digital assets of an employer used by an employee in the ordinary course of the employer’s business.” 20 Pa. C.S.A.§3903(c). The Act does not directly refer to digital assets of a decedent who used his or her employer’s computer to manage those assets.
The Act specifically addresses disclosure to a Fiduciary of digital assets as set forth in agreements of the User and in the User’s estate planning documents. First, a “Terms-of-Service Agreement” is an agreement which controls the relationship between the User and the Custodian. An “Online Tool” is defined as “an electronic service provided by a Custodian which allows the User in an agreement distinct from the [Terms-of-Service Agreement] to provide direction for disclosure or nondisclosure of digital assets to a third person.” 20 Pa.C.S.A.§3902. If the User may modify or delete a direction at all times on an Online Tool, then that direction overrides a contrary direction in that User’s will, trust, power of attorney or other record (each, a “User Direction Document”). If the User has not set out a direction in such an Online Tool or the Custodian does not provide an Online Tool, then the User “may, in [a User Direction Document], allow or prohibit disclosure to a [Fiduciary] of some or all of the [User’s] digital assets, including the content of electronic communications sent or received by the [User].” 20 Pa.C.S.A.§3904(b). Further, a User’s direction in an Online Tool or a User Direction Document “overrides a contrary provision in a [Terms-of-Service Agreement] which does not require the [User] to act affirmatively and distinctly from the [User’s] assent to the terms of service.” 20 Pa.C.S.A.§3904(c).
The Act provides state rules for access within the limits allowed by existing federal law. The Electronic Communications Privacy Act of 1986 (“ECPA”) is a codification of federal statutes that protects wire, oral and electronic communications while those communications are being made, are in transit, and when they are stored on computers. Covered are email, telephone conversations and data stored electronically. The EPCA includes the Stored Communications Act, 18 U.S.C.§§ 2701-2712. The structure and content of the RUFADAA, and consequently the Act, are drafted by reference to the defined terms and content of the ECPA. Online Tools and Terms-of-Service Agreements are supposed to be drafted to respect the duties of Custodians in the ECPA, particularly nondisclosure provisions in 18 U.S.C.§2702. RUFADAA addresses the limited subject matter of fiduciary access. As the NCC states, “[ RUFADAA] gives states precise, comprehensive, and easily accessible guidance on [Fiduciaries’] ability to access the records of a decedent, protected person, principal or a trust.” Revised Uniform Fiduciary Access to Digital Assets Act (2015), National Conference of Commissioners of Uniform State Laws, page 2.
Accordingly, the Act clearly states its limits. First, the Act “does not change or impair a right of a [Custodian or a [User] under a [Terms-of-Service Agreement] to access and use digital assets of a [User].” 20 Pa.C.S.A.§3905(a). Second, the Act “does not give a [Fiduciary] or designated recipient any new or expanded rights other than those held by the [User] for whom or for whose estate the [Fiduciary] acts or represents.” 20 Pa.C.S.A.§3905(b). Third, a [Fiduciary’s] access to digital assets may be modified or eliminated by a [User], Federal law, or a [Terms-of- Service Agreement] if the [User] has not provided direction in a [User Direction Document].” 20 Pa.C.S.A.§3905(c).
How can a Fiduciary with authority over digital assets cause the Custodian to disclose those assets to the Fiduciary? The Custodian must disclose to the personal representative of the estate of a deceased User the content of an electronic communication sent or received by the User if the Fiduciary has authority by court order or a User Direction Document and gives the Custodian: (1) a written request for disclosure; (2) a certified copy of the death certificate of the User; (3) a certified copy of the letters testamentary or letters of administration; (4) a copy of the User Direction Document (unless the direction is contained in an Online Tool); and (5) if requested by the Custodian, (a) the unique account identifier assigned by the Custodian, (b) evidence linking the account to the User, or (c) certain findings of a court. 20 Pa.C.S.A.§3907.
Sometimes a Fiduciary needs to see a list of communications and digital assets to understand what might be available to manage and administer. How can a Fiduciary obtain a catalogue of electronic communications sent or received by the User and any digital assets other than the content of electronic communications of the User (the “List”)? Unless the User
prohibited disclosure of digital assets or the court directs otherwise, a Custodian must deliver to the Fiduciary such a List if the Fiduciary presents to the Custodian the same materials as with a request for electronic communications, except that the Custodian may also request an affidavit that the digital assets are reasonably necessary for the administration of the estate. 20 Pa.C.S.A.§3908(a). The personal representative may file with the Orphans Court certain documents and an affidavit to meet some of the findings that could be sought by the Custodian. 20 Pa.C.S.A.§3908(b).
How can a Fiduciary under a power of attorney (“Agent”) compel the Custodian to disclose electronic communications sent or received by a User other than by direction of the User or a court? Such an Agent must deliver to the Custodian: (1) a written request for disclosure; (2) an original or copy of the power of attorney granting the Agent authority over the electronic communications; (3) a certificate by the Agent that the power of attorney is in effect; and (4) if requested by the Custodian, (a) the unique account identifier assigned by the Custodian, or (b) evidence linking the account to the User. 20 Pa.C.S.A.§3909.
How can the Agent compel the Custodian to disclose any digital assets other than electronic communications unless otherwise ordered by court, directed by the User or provided by the power of attorney? The Agent must provide to the Custodian the same items as for electronic communications, but the power of attorney or copy presented must give “the [Agent] specific authority over the digital assets or general authority to act on behalf of the [User].” 20 Pa.C.S.A.§3910.
Similar statutory authorizations apply under the Act for trustees under a trust (each, a “Trustee) and guardians of estates (each, a “Guardian”). When the Trustee is the original user of an account, the Custodian must disclose any digital asset of the account held in trust. 20 Pa.C.S.A.§3911. When the Trustee is not the original User of the account, the Custodian must disclose the content of an electronic communication sent or received by an original or successor User and carried, maintained, processed, received or stored by the Custodian when the Trustee presents similar documents as an Agent under section 3909, except the User Direction Document must be a certified copy of the trust instrument or a certification of the trust and the certification must be that the trust is presently in effect and the Trustee is presently the trustee. 20 Pa.C.S.A.§3913.
A Guardian may compel a Custodian to disclose the catalogue of electronic communications sent or received by the protected person and any digital assets, other than the content of electronic communications, of the protected person, if the Guardian provides to the Custodian: (1) a written request for disclosure, (2) a certified copy of the court order giving the Guardian authority over such digital assets, and (3) if requested by the Custodian, (a) the unique account identifier assigned by the Custodian or (b) evidence linking the account to the protected person. 20 Pa.C.S.A.§3914. The Guardian may request a Custodian of digital assets of the protected person to suspend or terminate an account with a certified copy of the court order granting the Guardian authority over the protected person’s property.
The Act delineates a Fiduciary’s duty and authority. The fiduciary duties applicable to managing tangible personal property apply to a Fiduciary of digital assets, including the duties of care, loyalty and confidentiality. A Fiduciary’s authority over a digital asset (1) is subject to (a) a Terms-of-Service Agreement (except as provided in section 3904) and (b) applicable law
including copyright law; (2) is limited by the scope of the Fiduciary’s duties; and (3) may not be used to impersonate the User. A Fiduciary with authority over the property of the decedent, protected person, settlor or principal (“Interested Person”) has the right to access any digital asset in which the Interested Person had a right or interest and which is not subject to any Terms-of- Service Agreement or held by a Custodian. A Fiduciary acting within the scope of his or her fiduciary duties is an authorized user of the of the property of the Interested Person for purposes of computer fraud and unauthorize computer access laws (“Authorized User”). 20 Pa.C.S.A.§3915(d). Similarly, a Fiduciary with authority over the tangible personal property of an Interested Person, has the right to access the property and digital assets stored in that tangible personal property and is an Authorized User. 20 Pa.C.S.A.§3915(e). A Custodian may disclose information in an account to a Fiduciary when the information is used to terminate an account which is used to access digital assets licensed to the related User. The Act also provides procedures for terminating an account.
The Act specifically addresses Custodians. They must respond within 60 days of receipt of a written request for production of a List, electronic communications or other digital assets by a Fiduciary, failing which the Fiduciary may apply for a court order. The court order must contain a finding that the disclosure does not violate 18 U.S.C. §2702, regarding voluntary disclosures of electronic communications and other records, part of the ECPA. The Custodian may notify a User that it received a request for disclosure or termination of an account under the Act. The Custodian may request or require a Fiduciary to obtain a court order which (1) specifies that an account belongs to a protected person or principal, (2) specifies there is sufficient consent from the protected person or principal, and (3) contains a finding required by law other than the Act. Finally a Custodian, its officers, employees and agents “are immune from liability for an act or omission done in good faith in compliance with [the Act].” 20 Pa.C.S.A.§3916(f).
Sen. Thomas H. Killion (R-9) sponsored SB 320, which was co-sponsored by, among others, Sen. Judith L. Schwank (D- 11), both of whom co-sponsored a prior Senate bill covering the same subject matter in the 2017-2018 session. SB320 was signed in the Senate on July 13, 2020, and in the House on July 8, 2020. Governor Tom Wolfe approved SB 320 on July 23, 2020 as Act 72 and it will become effective 180 days thereafter. The Act is important because it “will extend a fiduciary’s existing authority over a person’s tangible assets to include the person’s digital assets, with the same fiduciaries to act for the benefit of the represented person or estate,” according to Sen. Killion’s Co-Sponsorship Memo (“Memo”). Further, the Act was supported by many stakeholders, including the NCC, the Pennsylvania Bar Association, the Pennsylvania Bankers Association, the Joint State Government Commission and the Administrative Office of Pennsylvania Courts. In the Memo, Sen. Killion cited a statement of the National Conference of State Legislatures that 46 states had already passed digital asset legislation. The Act will provide a standardized set of rules for Fiduciaries to have access to digital assets, thereby improving the administration of digital assets in Pennsylvania.
© 2020 Robert J. Hobaugh, Jr.