On September 29, 2016, a bill was signed into law by Governor Cuomo adding Article 13-A to the New York Estates Powers and Trust Law (the “EPTL”). This legislation is New York State’s version of the “Uniform Fiduciary Access to Digital Assets Act” (the “Act”) which nineteen (19) other states have also enacted into law. The Act is effective immediately. It is meant to provide certainty to all types of fiduciaries – including: trustees, executors, administrators, agents under a power of attorney and guardians – in their efforts to acquire access to digital assets. They now have the authority to gain access to, manage, distribute and copy or delete digital assets. The Act covers digital assets used for personal use and does not apply to a digital asset of an employer used by an employee in the ordinary course of the employer’s business.
Of course, the wide use of digital assets has created an urgent need for legislation dealing with the administration of these assets upon the death or incapacity of the user. As a practical matter, there should be no difference between a fiduciary’s ability to gain access to information from an online bank or other Internet-based business and the fiduciary’s ability to gain access to information from a business with a brick and mortar building. This bill amends the New York Estates Powers and Trusts Law (“EPTL”) to restore control of the disposition of digital assets back to the individual and removes such power from the service provider.
Article 13-A gives fiduciaries authority to gain access to, manage, distribute and copy or delete digital assets. It addresses four types of fiduciaries, namely: a personal representative (executor or administrator) of a decedent’s estate; a guardian of a ward or protected person; an agent acting pursuant to a power of attorney; and a trustee. In the past, where property was mostly in tangible there was little doubt of its ownership and control. Indeed, the law recognizes that when a property owner dies or becomes unable to manage his or her property, such owner may appoint a fiduciary to manage the property. The role of a fiduciary subsumes the duty of loyalty, care and confidentiality. The system has worked well throughout our history.
This measure does not break new legal ground, but merely applies the laws governing fiduciaries to a new type of property. Service providers protect themselves by requiring a user to agree to a Terms of Service (“TOS”) agreement prior to creating an online account. In the absence of state laws dealing with the disposition of digital assets, individuals will likely be subject to the service provider’s TOS if it has a policy regarding the transfer or disposal of the account and its content. Some service providers have a policy that indicates what will happen upon the death of a user, but most have no explicit policy.
In addition, there are federal laws that criminalize, or penalize, the unauthorized access of computers and digital accounts and prohibit most service providers from disclosing account information to anyone without the user’s consent. These laws include the Electronic Computer Privacy Act (the “ECPA”); the Stored Communications Act (the “SCA”), which is part of the ECPA, and the Computer Fraud and Abuse Act (“CFAA”). The CFAA prohibits unauthorized access to computers and protects against anyone who “intentionally accesses a computer without authorization or exceeds authorized access.” The SCA contains two relevant prohibitions. The SCA is often the basis on which service providers refuse to release the contents of a deceased user’s account.
In addition to federal privacy laws, there are state privacy laws. All fifty states, including New York, have enacted criminal laws penalizing unauthorized access to computer systems. Consequently, without legislation, many service providers will likely continue to refuse to provide access or to release content upon the death or incapacity of a user based on privacy concerns or for fear of facing certain liability. This bill is based largely on a proposal from the Uniform Law Commission namely RUFADAA (Revised Uniform Fiduciary Access to Digital Assets Act) which is a compromise designed to address the serious problems outlined above and, as well, the concerns of the service providers and civil libertarians. The only changes from such act are those necessary to conform it to existing New York law. This measure, which would have no fiscal impact on the State, would take effect immediately. What this all means is that New Yorkers can now effectively designate who can obtain access to their digital records upon their death or incapacity and, moreover, whether they might wish to prohibit such disclosure either in whole or in part. Although this can be done by will, trust, or power of attorney, an Internet service providers’ online tools overrides a contrary direction by the user in a will, trust, or power of attorney. Accordingly, you and your advisors and counsel can now address your dispositive wishes for your digital assets in your will, trust, and power of attorney; and ensure that such wishes are not inadvertently overridden by a contrary direction in an online tool that might be out of date.
Good News from Albany is hard to come by, but it does happen!