Article on Privacy During Life and Access After Death
As financial transactions move online, hard copies now often form only a small fraction of a person’s records. Paper bank statements, checkbooks, credit card bills, and receipts are being replaced by e-statements, online accounts, and confirmation emails. Documents once found in wallets, desks, and safety deposit boxes are now accessed mainly through email and website accounts.
Though online transactions are convenient for account holders during life, finding and understanding electronically-stored financial information after their deaths can quickly become a nightmare. There may be multiple computers or external hard drives that contain sensitive information. Online financial institutions keep transaction records and personal information as well: bank and investment websites, PayPal, subscription services, electronic medical records, shopping websites, and membership services all hold customers’ personal information. Customers often use one or more email accounts to receive updates from and communicate with these organizations. Each organization that collects a person’s private information, including email service providers, may have different passwords, security questions, and personal identification numbers required to access the account. “If [a person does] a great job on security, [he] all but guarantee[s] no one can get easy and timely access to [his] digital world” in the event of death or incapacity.
Nearly half of all adults with internet access in the United States use the Internet to bank or pay bills. Online banking is equally common among all adult age groups under sixty-five. “[P]eople are increasingly turning to Internet banking because of the high convenience, independence, and the typically better value it can offer.”
However, increased convenience comes with a price: privacy invasions and identity theft. For example, of the individuals whose checking accounts were compromised in 2004, 70% conducted financial transactions online. Government reaction to this threat has been swift: Congress passed laws punishing identity theft, and the President created task forces to combat it.
Existing financial regulations delineate with whom and under what circumstances financial institutions may share customers’ private information. These laws also create criminal liability for stealing private financial information. Privacy laws, such as the Gramm-Leach-Bliley Act of 1999 (“GLBA”) and the Right to Financial Privacy Act of 1978 (“RFPA”), protect customers of financial institutions from misappropriation and misuse of their nonpublic financial information.
Online financial transactions and communications are additionally subject to internet privacy laws. The Electronic Communications Privacy Act of 1986 (“ECPA”) prohibits companies that process, handle, and intercept electronic communications from knowingly divulging the contents of the communications. Further, it prohibits electronic communications service providers from intentionally disclosing the contents of communications to any party other than the sender or the designated recipient.
But the law can only do so much. Those who use online financial services must protect themselves, too. Privacy advocates advise consumers to treat any information they put on the Internet as inherently public. Consumers are encouraged to have long, complicated passwords, to change them often, and to keep them secret. Though effective for maintaining privacy during life, following this advice often frustrates efforts to understand a person’s financial situation after death.
When a person dies, probate laws facilitate the winding up of financial affairs. The laws of intestacy govern what happens to property if a person dies without a will. These are the “default rules.” If a person dies with a will, however, the will governs the distribution of his or her estate. A will can also designate guardians for minors, decide which person or company will administer the estate, and achieve tax savings. Despite the benefits of a will, 58% of American adults do not have one, leaving them with little input or control over what happens to their assets after death.
As more people leave behind only electronic records, it will become increasingly difficult to effectively administer estates. Current internet and financial privacy laws inhibit the probate process, because the prohibitions on disclosure of private information make it nearly impossible for executors to access electronic communications and financial information. Furthermore, establishing a succession plan for electronic assets seems to go “against every recommendation for good security practices,” because sharing passwords gives access prematurely—trading lifetime privacy interests for ease of estate in paying debts and distributing assets. Within the current framework, assets will remain frozen as executors attempt to locate and access financial assets held in online-only accounts.
This Note explores how federal financial and internet privacy laws affect the disclosure of a person’s private information after death and the challenge of accessing online financial accounts at that time. Recent scholarship on the digitalization of private life and its effects on probate focuses on nonfinancial assets, such as email, and the accompanying questions of ownership. This Note focuses on financial assets, which are unencumbered by ownership issues, yet implicate overlapping state and federal regulations. Part I explains the current framework of probate administration and how assets held in online-only accounts complicate the procedure. Part II explores how financial regulation and internet privacy laws focus on lifetime privacy without providing for access after death. Part III reviews early proposals that have fallen short, because they do not provide privacy and access when desired. Finally, Part IV offers solutions for how online-only financial assets should be treated under the laws of financial regulation, internet privacy, and wills and intestacy, and proposes ideas for working within the current framework in the meantime.