BILL ANALYSIS �Ó
SENATE JUDICIARY COMMITTEE
Senator Hannah-Beth Jackson, Chair
2015-2016 Regular Session
AB 691 (Calderon)
Version: April 20, 2016
Hearing Date: May 3, 2016
Fiscal: No
Urgency: No
TMW
PURSUANT TO SENATE RULE 29.10
SUBJECT
Revised Uniform Fiduciary Access to Digital Assets Act
DESCRIPTION
This bill would establish the Revised Uniform Fiduciary Access
to Digital Assets Act (RUFADAA) and authorize a decedent's
personal representative or trustee (fiduciary) to access and
manage digital assets and electronic communications, as
specified. This bill would authorize a person to use an online
tool to give directions to the custodian of his or her digital
assets regarding the disclosure of those assets. This bill
would specify that, if a person has not used an online tool to
give that direction, he or she may give direction regarding the
disclosure of digital assets in a will, trust, power of
attorney, or other record.
This bill would require a custodian, as specified, of the
digital assets to comply with a fiduciary's request for
disclosure of digital assets or to terminate an account, except
under certain circumstances, including when the decedent has
prohibited this disclosure using the online tool. This bill
would make custodians immune from liability for an act or
omission done in good faith in compliance with these provisions.
BACKGROUND
In order to address privacy concerns with the use of computers
and other digital and electronic communications, Congress passed
the Electronic Communications Privacy Act of 1986 (ECPA) (18
U.S.C. Sec. 2510-22) to update the Federal Wiretap Act of 1968.
(The Electronic Communications Privacy Act of 1986 (ECPA),
Bureau of Justice Assistance, Office of Justice Programs, U.S.
Dept. of Justice (July 30, 2013) [as of Apr. 14,
2016].) The ECPA has been revised over the years by several
pieces of legislation, including the Uniting and Strengthening
America by Providing Appropriate Tools Required to Intercept and
Obstruct Terrorism Act of 2001 (USA Patriot Act), "to keep pace
with the evolution of new communications technologies and
methods, including easing restrictions on law enforcement access
to stored communications in some cases. . . . The ECPA, as
amended, protects wire, oral, and electronic communications
while those communications are being made, are in transit, and
when they are stored on computers. The [ECPA] applies to email,
telephone conversations, and data stored electronically." (Id.)
The ECPA reflects a general approach of providing greater
privacy protection for materials in which there are greater
privacy interests. (Id.)
Notably, the ECPA is primarily targeted at limiting government
access to private user information. However, this federal law
applies to communications sent or received by users and
restricts all access to the records and contents of those
communications, including access by an executor, administrator,
or trustee of a deceased user. California state law provides
specified discovery procedures for parties in civil actions,
which include estate and trust proceedings, to obtain documents
that are stored electronically. Those procedures were enacted
under AB 5 (Evans, Chapter 5, Statutes of 2009), which
established the Electronic Discovery Act.
However, internet service and electronic storage providers are
subject to both federal and state electronic communications
privacy laws, which may conflict when a person, other than the
user sending or storing electronic communications or the
recipient of an electronic communication, attempts to obtain the
records or contents of the electronic records and
communications. This is problematic when the executor,
administrator, or trustee (fiduciary) of a deceased user or
recipient is tasked with marshalling the decedent's assets and
liabilities in order to administer the decedent's trust or
estate. Since many individuals are now receiving invoices and
billing in electronic form as a way to go "paperless,"
performing many financial transactions online, as well as
primarily corresponding through electronic means, obtaining the
decedent's electronic communications may be the only way for the
fiduciary to determine the assets and liabilities of the
�
AB 691 (Calderon)
Page 3 of ?
decedent. By 2014, seven states had enacted laws to grant some
degree of access of a decedent's electronic communications to
fiduciaries.
In California, SB 849 (Anderson, 2014) would have authorized a
decedent's personal representative to request, and would have
authorized an electronic communication service or remote
computer service to provide, access to the electronic mail
account of a decedent or to copies of the content of the
account, subject to any applicable service agreement. SB 849
was held in this Committee after testimony was taken.
In July 2014, the National Conference of Commissioners on
Uniform State Laws (NCCUSL) approved the Uniform Fiduciary
Access to Digital Assets Act (UFADAA), which was recommended for
enactment in all states "to vest fiduciaries with the authority
to access, control, or copy digital assets and accounts[,] . . .
remove barriers to a fiduciary's access to electronic
records[,] and to leave unaffected other law, such as fiduciary,
probate, trust, banking, investment, securities, and agency
law." (NCCUSL, Uniform Fiduciary Access to Digital Assets Act
(Apr. 2, 2015) [as of Apr. 14, 2016] p. 1.)
UFADAA was recently revised to clarify the application of
federal privacy laws and give legal effect to an account
holder's instructions for the disposition of digital assets.
According to NCCUSL, the 2014 UFADAA provided fiduciaries with
default access to all digital information, but the revised act
(RUFADAA) protects the contents of electronic communications
from disclosure without the user's consent, and fiduciaries can
still access other digital assets unless prohibited by the user.
Prior versions of this bill would have enacted the Privacy
Expectation Afterlife and Choices Act, which is an alternative
approach to disclosure of a decedent's electronic information.
Recent amendments to the bill would adopt a modified version of
RUFADAA and establish procedures for a decedent's personal
representative or trustee to obtain digital assets and
electronic information from the custodian of those assets and
information.
CHANGES TO EXISTING LAW
�
AB 691 (Calderon)
Page 4 of ?
Existing law authorizes a decedent's personal representative or
the public administrator to take possession or control of all of
the decedent's property to be administered in the decedent's
estate, and requires the personal representative to take all
steps reasonably necessary for the management, protection, and
preservation of the estate in his or her possession. (Prob.
Code Secs. 7601(a), 7602, 9650(a)(1), (b).)
Existing law defines "fiduciary" to mean the decedent's personal
representative or the trustee of the decedent's trust. (Prob.
Code Sec. 16323.) Existing law defines "personal
representative" to mean the executor, administrator,
administrator with the will annexed, special administrator,
successor personal representative, public administrator, as
specified, or a person who performs substantially the same
function under the law of another jurisdiction governing the
person's status. (Prob. Code Sec. 58(a).)
Existing law provides that the personal representative has the
management and control of the estate and prescribes fiduciary
duties to the personal representative, including using ordinary
care and diligence in managing and controlling the decedent's
estate. (Prob. Code Sec. 9600.)
Existing law requires the personal representative to file with
the court clerk an inventory of property to be administered in
the decedent's estate together with an appraisal, which must be
filed within four months after letters are first issued to a
general personal representative; however, the court may allow
such further time for filing an inventory and appraisal as is
reasonable under the circumstances of the particular case.
(Prob. Code Sec. 8800.)
Existing law , if the personal representative refuses or
negligently fails to file an inventory and appraisal within the
time allowed, upon petition of an interested person, authorizes
the court to: (1) compel the personal representative to file an
inventory and appraisal; (2) remove the personal representative
from office; and (3) impose on the personal representative
personal liability, which may include attorney's fees, for
injury to the estate or to an interested person that directly
results from the refusal or failure. (Prob. Code Sec. 8804.)
�
AB 691 (Calderon)
Page 5 of ?
Existing law requires the account to include both a financial
statement and a report of administration, as specified, and
requires the statement of liabilities in the report of
administration to include information as to whether notice to
creditors was given, as specified, creditor claims were filed,
as specified, creditor claims were not paid, satisfied, or
adequately provided for, and whether any real or personal
property is security for a claim, whether by mortgage, deed of
trust, lien, or other encumbrance. (Prob. Code Sec. 10900.)
Existing law provides that if a report of status of
administration is made, the report must show the condition of
the estate, the reasons why the estate cannot be distributed and
closed, and an estimate of the time needed to close
administration of the estate. (Prob. Code Sec. 12201(a).) The
court is authorized to require the personal representative to
appear before the court to show the condition of the estate and
the reasons why the estate cannot be distributed and closed.
(Prob. Code Sec. 12202(a).)
Existing law authorizes a trustee or beneficiary of a trust to
petition the court concerning the internal affairs of the trust
or to determine the existence of the trust; proceedings
concerning the internal affairs of the trust include proceedings
to determine questions of construction of a trust instrument,
the existence or nonexistence of any immunity, power, privilege,
duty, or right, determining the validity of a trust provision,
ascertaining beneficiaries and determining to whom property
shall pass or be delivered upon final or partial termination of
the trust, to the extent the determination is not made by the
trust instrument, and settling the accounts and passing upon the
acts of the trustee, including the exercise of discretionary
powers. (Prob. Code Sec. 17200.)
Existing law , the Electronic Discovery Act (EDA), establishes
procedures, evidentiary privileges, and judicial review for the
request and production of electronically stored information, as
defined. (Code Civ. Proc. Secs. 1985.8, 2031.285.)
Existing law authorizes claims of evidentiary privilege on the
grounds that the matter sought to be disclosed is a
communication made in confidence in the course of the
lawyer-client, lawyer referral service-client,
physician-patient, psychotherapist-patient, clergy-penitent,
�
AB 691 (Calderon)
Page 6 of ?
husband-wife, sexual assault counselor-victim, domestic violence
counselor-victim, or human trafficking caseworker-victim
relationship, the communication is presumed to have been made in
confidence and the opponent of the claim of privilege has the
burden of proof to establish that the communication was not
confidential. (Evid. Code Sec. 917(a).) Further, a
communication between persons in one of these types of
relationships does not lose its privileged character for the
sole reason that it is communicated by electronic means or
because persons involved in the delivery, facilitation, or
storage of electronic communication may have access to the
content of the communication. (Evid. Code Sec. 917(b).)
Existing law makes document production provisions under the
Civil Discovery Act, which includes the EDA, applicable to civil
actions and trial courts in which the civil action is pending,
and defines "electronic" to mean relating to technology having
electrical, digital, magnetic, wireless, optical,
electromagnetic, or similar capabilities, and "electronically
stored information" to mean information that is stored in an
electronic medium. (Code Civ. Proc. Sec. 2016.020.)
Existing federal law , under the Electronic Communications
Privacy Act (ECPA), limits the disclosure by an electronic
communication service or remote computing service of electronic
communication of a user and provides definitions for "electronic
communication," "user," electronic communications system," and
"electronic communication service." (18 U.S.C. Sec. 2510 et
seq.)
Existing federal law , the Stored Communications Act (SCA),
defines "remote computing service" to mean the provision to the
public of computer storage or processing services by means of an
electronic communications system. (18 U.S.C. Sec. 2711(2).)
Existing federal law prohibits a person or entity providing an
electronic communication service to the public from knowingly
divulging to any person or entity the contents of a
communication while in electronic storage by that service, and
prohibits a person or entity providing remote computing service
to the public from knowingly divulging to any person or entity
the contents of any communication which is carried or maintained
on that service:
on behalf of, and received by means of electronic transmission
from (or created by means of computer processing of
�
AB 691 (Calderon)
Page 7 of ?
communications received by means of electronic transmission
from), a subscriber or customer of such service; and
solely for the purpose of providing storage or computer
processing services to such subscriber or customer, if the
provider is not authorized to access the contents of any such
communications for purposes of providing any services other
than storage or computer processing. (18 U.S.C. Sec.
2702(a)(1)-(2).)
Existing federal law also prohibits a provider of remote
computing service or electronic communication service to the
public from knowingly divulging a record or other information
pertaining to a subscriber or customer of such service (not
including the contents of communications) to any governmental
entity. (18 U.S.C. Sec. 2702(a)(3).)
Existing federal law authorizes disclosure of the content of
electronic communications to an addressee or intended recipient
of such communication or an agent of such addressee or intended
recipient, as otherwise authorized under ECPA or the SCA; or
with the lawful consent of the originator or an addressee or
intended recipient of such communication, or the subscriber in
the case of remote computing service. (18 U.S.C. Sec. 2702(b).)
Existing law authorizes disclosure of a record or other
information pertaining to a subscriber or customer of an
electronic communication service or remote computing service
(not including the contents of communications) as otherwise
authorized, with the lawful consent of the customer or
subscriber; or to any person other than a governmental entity.
(18 U.S.C. Sec. 2702(c).)
This bill would establish the Revised Uniform Fiduciary Access
to Digital Assets Act (RUFADAA), and provide the following
definitions:
"account" means an arrangement under a terms-of-service
agreement in which the custodian carries, maintains,
processes, receives, or stores a digital asset of the user or
provides goods or services to the user;
"carries" means engages in the transmission of electronic
communications;
"catalogue of electronic communications" means information
that identifies each person with which a user has had an
electronic communication, the time and date of the
�
AB 691 (Calderon)
Page 8 of ?
communication, and the electronic address of the person;
"content of an electronic communication" means information
concerning the substance or meaning of the communication,
which meets all of the following requirements:
o has been sent or received by a user;
o is in electronic storage by a custodian providing an
electronic communication service to the public or is
carried or maintained by a custodian providing a
remote-computing service to the public; and
o is not readily accessible to the public;
"court" means the superior court presiding over the probate
proceedings which have been initiated to administer the estate
of the deceased user, or, if none, the superior court sitting
in the exercise of jurisdiction in the county of the user's
domicile, and the court, as defined, would have exclusive
jurisdiction over proceedings brought under this bill;
"custodian" means a person that carries, maintains, processes,
receives, or stores a digital asset of a user;
"designated recipient" means a person chosen by a user using
an online tool to administer digital assets of the user;
"digital asset" means an electronic record in which an
individual has a right or interest, but does not include an
underlying asset or liability, unless the asset or liability
is itself an electronic record;
"electronic" means relating to technology having electrical,
digital, magnetic, wireless, optical, electromagnetic, or
similar capabilities;
"electronic communication" has the same meaning as the
definition in Section 2510(12) of Title 18 of the United
States Code;
"electronic communication service" means a custodian that
provides to a user the ability to send or receive an
electronic communication;
"fiduciary" means an original, additional, or successor
personal representative or trustee;
"information" means data, text, images, videos, sounds, codes,
computer programs, software, databases, or other items with
like characteristics;
"online tool" means an electronic service provided by a
custodian that allows the user, in an agreement distinct from
the terms-of-service agreement between the custodian and user,
to provide directions for disclosure or nondisclosure of
digital assets to a third person;
"person" means an individual, estate, business or nonprofit
�
AB 691 (Calderon)
Page 9 of ?
entity, public corporation, government or governmental
subdivision, agency, or instrumentality, or other legal
entity;
"personal representative" means an executor, administrator,
special administrator, or person that performs substantially
the same function under any other law;
"power of attorney" means a record that grants an agent
authority to act in the place of the principal;
"record" means information that is inscribed on a tangible
medium or that is stored in an electronic or other medium and
is retrievable in a perceivable form;
"remote-computing service" means a custodian that provides to
a user computer processing services or the storage of digital
assets by means of an electronic communications system, as
defined in Section 2510(4) of Title 18 of the United States
Code;
"terms-of-service agreement" means an agreement that controls
the relationship between a user and a custodian;
"trustee" means a fiduciary with legal title to property under
an agreement or declaration that creates a beneficial interest
in another, and this term includes a successor trustee;
"user" means a person that has an account with a custodian;
and
"will" includes a codicil, a testamentary instrument that only
appoints an executor, or an instrument that revokes or revises
a testamentary instrument.
This bill would apply to: (1) a fiduciary acting under a will
executed before, on, or after January 1, 2017; (2) a personal
representative acting for a decedent who died before, on, or
after January 1, 2017; (3) a trustee acting under a trust
created before, on, or after January 1, 2017; and (4) a
custodian of digital assets for a user if the user resides in
this state or resided in this state at the time of the user's
death.
This bill would not apply to a digital asset of an employer used
by an employee in the ordinary course of the employer's
business.
This bill would authorize a user to use an online tool to direct
the custodian to disclose to a designated recipient or not
disclose some or all of the user's digital assets, including the
content of electronic communications.
�
AB 691 (Calderon)
Page 10 of ?
This bill would provide that, if the online tool allows the user
to modify or delete a direction at all times, a direction
regarding disclosure using an online tool would override a
contrary direction by the user in a will, trust, power of
attorney, or other record.
This bill would provide that if a user has not used an online
tool to give direction or if a custodian has not provided an
online tool, a user may allow or prohibit in a will, trust,
power of attorney, or other record the disclosure to a fiduciary
of some or all of the user's digital assets, including the
contents of electronic communications sent or received by the
user.
This bill would specify that a user's direction through the
online tool or testamentary document would override a contrary
provision in a terms-of-service agreement that does not require
the user to act affirmatively and distinctly from the user's
assent to the terms-of-service agreement.
This bill would not change or impair a right of a custodian or a
user under a terms-of-service agreement to access and use
digital assets of a user, and does not give a fiduciary or
designated recipient any new or expanded rights other than those
held by the user for whom, or for whose estate or trust, the
fiduciary or designated recipient acts or represents.
This bill would provide that a fiduciary's or designated
recipient's access to digital assets may be modified or
eliminated by a user, by federal law, or by a terms-of-service
agreement when the user has not provided any direction, as
specified.
This bill , when disclosing the digital assets of a user, would
authorize the custodian, in its sole discretion, to do any of
the following:
grant the fiduciary or designated recipient full access to the
user's account;
grant the fiduciary or designated recipient partial access to
the user's account sufficient to perform the tasks with which
the fiduciary or designated recipient is charged; and
provide the fiduciary or designated recipient with a copy in a
record of any digital asset that, on the date the custodian
�
AB 691 (Calderon)
Page 11 of ?
received the request for disclosure, the user could have
accessed if the user were alive and had full capacity and
access to the account.
This bill would authorize a custodian to assess a reasonable
administrative charge for the cost of disclosing digital assets
and would not require a custodian to disclose a digital asset
deleted by a user.
This bill would provide that if a user directs or a fiduciary or
designated recipient requests a custodian to disclose some, but
not all, of the user's digital assets, the custodian need not
disclose the assets if segregation of the assets would impose an
undue burden on the custodian.
This bill , if the custodian believes the direction or request
imposes an undue burden, would authorize the custodian,
fiduciary, or designated recipient to petition the court for an
order to do any of the following: (1) disclose a subset limited
by date of the user's digital assets; (2) disclose all of the
user's digital assets to the fiduciary or designated recipient;
(3) disclose none of the user's digital assets; and (4) disclose
all of the user's digital assets to the court for review in
camera.
This bill , if a deceased user consented to or a court directs
disclosure of the content of electronic communications of the
user, would require the custodian to disclose to the personal
representative of the estate of the user the content of an
electronic communication sent or received by the user if the
personal representative gives to the custodian all of the
following documentation:
a written request for disclosure in physical or electronic
form;
a certified copy of the death certificate of the user;
a certified copy of the letter of appointment of the
representative, a small-estate affidavit, as specified, or
court order;
unless the user provided direction using an online tool, a
copy of the user's will, trust, power of attorney, or other
record evidencing the user's consent to disclosure of the
content of electronic communications; and
if requested by the custodian, any of the following:
o a number, user name, address, or other unique subscriber
�
AB 691 (Calderon)
Page 12 of ?
or account identifier assigned by the custodian to identify
the user's account;
o evidence linking the account to the user; and
o an order of the court finding any of the following: (1)
that the user had a specific, identifiable account with the
custodian; (2) that disclosure of the content of the user's
electronic communications would not violate Chapter 121
(commencing with Section 2701) of Part 1 of Title 18 of,
and Section 222 of Title 47 of, the United State Code, or
other applicable law; (3) unless the user provided
direction using an online tool, that the user consented to
disclosure of the content of electronic communications; and
(4) that disclosure of the content of electronic
communications of a user is reasonably necessary for estate
administration.
This bill , unless the user prohibited disclosure of digital
assets or the court directs otherwise, would require a custodian
to disclose to the personal representative of the estate of a
deceased user a catalogue of electronic communications sent or
received by the user and digital assets, other than the content
of electronic communications, of the user, if the personal
representative gives to the custodian specified documentation.
This bill , unless otherwise ordered by the court, directed by
the user, or provided in a trust, would require a custodian to
disclose to a trustee that is not an original user of an account
the content of an electronic communication sent or received by
an original or successor user and carried, maintained,
processed, received, or stored by the custodian in the account
of the trust if the trustee gives to the custodian specified
documentation.
This bill , unless otherwise ordered by the court, directed by
the user, or provided in a trust, would require a custodian to
disclose, to a trustee that is not an original user of an
account, the catalogue of electronic communications sent or
received by an original or successor user and stored, carried,
or maintained by the custodian in an account of the trust and
any digital assets, other than the content of electronic
communications, in which the trust has a right or interest if
the settlor of the trust is deceased and the trustee gives to
the custodian specified documentation.
�
AB 691 (Calderon)
Page 13 of ?
This bill would provide that the legal duties imposed on a
fiduciary charged with managing tangible property apply to the
management of digital assets, including all of the following:
(1) the duty of care; (2) the duty of loyalty; and (3) the duty
of confidentiality.
This bill would make all of the following applicable to a
fiduciary's or designated recipient's authority with respect to
a digital asset of a user:
except as otherwise specified, a fiduciary's or designated
recipient's authority is subject to the applicable
terms-of-service agreement;
a fiduciary's or designated recipient's authority is subject
to other applicable law, including copyright law;
in the case of a fiduciary, a fiduciary's authority is limited
by the scope of the fiduciary's duties; and
a fiduciary's or designated recipient's authority may not be
used to impersonate the user.
This bill would provide that a fiduciary with authority over the
property of a decedent or settlor has the right of access to any
digital asset in which the decedent or settlor had a right or
interest and that is not held by a custodian or subject to a
terms-of-service agreement.
This bill would specify that a fiduciary acting within the scope
of the fiduciary's duties is an authorized user of the property
of the decedent or settlor for the purpose of applicable
computer-fraud and unauthorized-computer-access laws.
This bill would provide that a fiduciary with authority over the
tangible, personal property of a decedent or settlor has the
right to access the property and any digital asset stored in it
and is an authorized user for purposes of any applicable
computer-fraud and unauthorized-computer-access laws.
This bill would authorize a custodian to disclose information in
an account to a fiduciary of the decedent or settlor when the
information is required to terminate an account used to access
digital assets licensed to the user.
This bill would authorize a fiduciary of a decedent or settlor
to request a custodian to terminate the user's account, but the
request for termination must be in writing, in either physical
�
AB 691 (Calderon)
Page 14 of ?
or electronic form, and accompanied by specified documentation.
This bill , not later than 60 days after receipt of the
information required, as specified, would require a custodian to
comply with a request from a fiduciary or designated recipient
to disclose digital assets or terminate an account; if the
custodian fails to comply with a request, the fiduciary or
designated recipient would be authorized to apply to the court
for an order directing compliance.
This bill would require the court order directing complaint to
contain a finding that compliance is not in violation of Section
2702 of Title 18 of the United States Code.
This bill would authorize a custodian to notify a user that a
request for disclosure of digital assets or to terminate an
account was made.
This bill would authorize a custodian to deny a request from a
fiduciary or designated recipient for disclosure of digital
assets or to terminate an account if the custodian is aware of
any lawful access to the account following the date of death of
the user.
This bill would not limit a custodian's ability to obtain or to
require a fiduciary or designated recipient requesting
disclosure or account termination to obtain a court order that
makes all of the following findings:
the account belongs to the decedent, principal, or trustee;
there is sufficient consent from the decedent, principal, or
settlor to support the requested disclosure; and
any specific factual finding required by any other applicable
law in effect at that time, including, but not limited to, a
finding that disclosure is not in violation of Section 2702 of
Title 18 of the United States Code.
This bill would make a custodian and its officers, employees,
and agents immune from liability for an act or omission done in
good faith and compliance with the RUFADAA.
This bill would require, in applying and construing the RUFADAA,
which is based upon a uniform act, consideration to be given to
the need to promote uniformity of the law with respect to its
subject matter among states that enact similar acts.
�
AB 691 (Calderon)
Page 15 of ?
This bill would specify that it modifies, limits, or supersedes
the federal Electronic Signatures in Global and National
Commerce Act (E-SIGN) (15 U.S.C. Sec. 7001 et seq.), but does
not modify, limit, or supersede Section 101(c) of that act (15
U.S.C. Sec. 7001(c)) or authorize electronic delivery of any of
the notices described in Section 103(b) of that act (15 U.S.C.
Sec. 7003(b)).
This bill would make disclosure of the contents of the deceased
user's or settlor's account to a fiduciary of the deceased user
or settlor subject to the same license, restrictions, terms of
service, and legal obligations, including copyright law, that
applied to the deceased user or settlor.
This bill would specify that if any provision or application of
the RUFADAA to any person or circumstance is held invalid, the
invalidity does not affect other provisions or applications of
the RUFADAA that can be given effect without the invalid
provision or application, and, to this end, the provisions of
the RUFADAA are severable.
COMMENT
1. Stated need for the bill
The author writes:
Prior to the digital age, the memorabilia of our lives was
stored in a cardboard box in our parent's attic or under their
bed. Today, a significant portion of the information about
our lives is kept online on our personal accounts. Whether
it's Facebook, Twitter, YouTube or even email, the information
stored online are today's version of the photo albums, videos,
and hand-written journals of yesterday.
Most people expect the contents of these online communications
to remain private, even after they pass away; it's likely the
recipients of those messages likely expect the same.
According to a recent Zogby poll, over 70 [percent] of
Americans say their private online communications and photos
should remain private after they die, unless they gave prior
consent for others to access. Only 15 [percent] say that
estate attorneys should control their private communications
and photos, even if they gave no prior consent for sharing.
�
AB 691 (Calderon)
Page 16 of ?
With no statute currently in place in California protecting
the online information of the newly deceased, families are
left responsible for accessing their loved ones information,
often times causing unnecessary financial and emotional
burdens' during a time that is already painfully difficult.
AB 691 addresses this issue by striking a balance between
providing a clear path for fiduciaries to access relevant
information to handle the deceased person's estate, while
respecting the privacy choices of not just the deceased person
but those with whom the deceased was communicating.
2. Digital assets
With the explosion of the various uses of the Internet,
including electronic communication through email, social media
Internet Web sites, blogs, and electronic media purchases
through such Internet Web sites as iTunes and Amazon.com,
questions regarding ownership and access to those "digital
assets" upon death or incapacity are becoming more common.
According to the National Conference of Commissions on Uniform
State Laws (NCCUSL), these digital assets, which range from
online gaming items to photos, to digital music, to clients,
have real value: American consumers valued their digital
assets, on average, at almost $55,000. (NCCUSL, Draft of
Fiduciary Access to Digital Assets Act (Apr. 10, 2014), p. 1,
citing Green, Passing Down Digital Assets, Wall Street Journal
(Aug. 31, 2012) [as of Apr. 16, 2016].) The ability of a
personal representative to gain access or control over those
digital assets is unclear and is subject to both federal privacy
and computer "hacking" laws as well as state probate law.
As the author points out, recent polls show that individuals
want their private online communications and photographs to
remain private after they die, unless they have provided consent
for someone else to access this content. Online content posted
or transmitted by Internet users raises a host of legal issues,
including user ownership of digital assets and privacy
protection for Internet users. When someone dies, three
particular issues rise to the surface - access to the deceased
user's (decedent) electronic communications and digital assets,
�
AB 691 (Calderon)
Page 17 of ?
control of the decedent's electronic communications, online
financial accounts and digital assets, and disclosure by the
providers of electronic communication and remote computing
services (custodian) of the decedent's online content.
Complicating these issues are the terms of service agreements
that most Internet service providers and Internet Web sites
require their users to agree to in order to use these services
and sites. For example, Yahoo's terms of service provide that
the user's account is non-transferable and any rights to user's
Yahoo ID or contents within the account terminate upon the
user's death. (Yahoo, Terms of Service, General Information, No
Right of Survivorship and Non-Transferability [as of July 4,
2015].) On the other hand, Microsoft provides a "Next of Kin"
process that allows the content, including all emails and
attachments thereto, in the user's Outlook account to be
released to the user's next of kin following an authentication
process, after which the account contents are released by way of
a data DVD shipped to the next of kin. (Microsoft, Next of Kin
Process for Outlook.com [as of Apr. 16, 2016].)
SB 849 (Anderson, 2014) attempted to address these issues
regarding the digital assets of decedents and would have
provided a personal representative access to a decedent's
electronic mail account, as well as access to copies of the
content of the account, subject to the applicable terms of
service agreement. When SB 849 was reviewed by this Committee,
the complex issues of digital assets were considered, including
what is a digital asset, and how can the decedent's fiduciary
marshal all of the decedent's assets when the types of digital
assets continues to expand and there is no comprehensive
definition as to what may be considered a digital asset (i.e.,
original emails, bitcoin, credits purchased on Facebook, blog
content, digital music, etc.).
This bill would resolve those issues by defining a digital asset
to mean an electronic record in which an individual has a right
or interest, but would not include an underlying asset or
liability, unless the asset or liability is itself an electronic
record. Further, the scope of this bill is limited and only
applies to electronic information being requested from the
custodians of the digital assets by a decedent's personal
�
AB 691 (Calderon)
Page 18 of ?
representative, administrator, executor, or trustee (fiduciary)
for the purpose of ascertaining the decedent's assets and
liabilities.
3. Revised Uniform Fiduciary Access to Digital Assets Act
(RUFADAA)
This bill would enact the RUFADAA and provide procedures through
which a decedent's fiduciary could obtain access to, or a
catalogue or content of, the decedent's digital assets from the
custodian of those digital assets. According to NCCUSL:
The purpose of the [RUFADAA] is twofold. First, it gives
fiduciaries the legal authority to manage digital assets and
electronic communications in the same way they manage tangible
assets and financial accounts, to the extent possible.
Second, it gives custodians of digital assets and electronic
communications legal authority to deal with the fiduciaries of
their users, while respecting the user's reasonable
expectation of privacy for personal communications. The
general goal of the act is to facilitate fiduciary access and
custodian disclosure while respecting the privacy and intent
of the user. It adheres to the traditional approach of trusts
and estates law, which respects the intent of an account
holder and promotes the fiduciary's ability to administer the
account holder's property in accord with legally-binding
fiduciary duties. The act removes barriers to a fiduciary's
access to electronic records and property and leaves
unaffected other law, such as fiduciary, probate, trust,
banking, investment securities, agency, and privacy law.
(NCCUSL, Revised Uniform Fiduciary Access to Digital Assets
Act (2015) (Mar. 8, 2015) [as of Apr. 16, 2016] p. 1.)
Although the RUFADAA, approved for use in all 50 states, would
apply to personal representatives of decedents' estates,
conservators for protected persons and individuals, agents
acting pursuant to a power of attorney, and trustees, this bill
would adopt a modified version of RUFADAA and would not provide
for conservator access to a conservatee's digital assets.
NCCUSL states that the RUFADAA was recently approved and
represents a consensus reached among stakeholders, including
�
AB 691 (Calderon)
Page 19 of ?
technology firms, privacy advocates, bankers, and the trust and
estate bar. NCCUSL asserts that the "consensus was the result
of a concerted effort by all parties over the last few months to
agree on a reasonable regulatory framework that will balance the
privacy interests of internet users with the need for
fiduciaries to perform their tasks and ensure the orderly
transfer of a decedent's assets to heirs. It gives legal effect
to an internet user's wishes when they are known, and provides
reasonable default rules that apply if the user has not
expressed a contrary intent. The act represents the best
opportunity to enact uniform legislation for an industry that
operates in every state." RUFADAA has been formally endorsed by
the Association of American Retired Persons (AARP), the Center
for Democracy and Technology, Facebook, Google, and the National
Academy of Elder Law Attorneys. (NCCUSL, Legislative Fact Sheet
- Revised Uniform Fiduciary Access to Digital Assets Act (2015)
[as of Apr.
16, 2016].)
To date, 10 states (Colorado, Florida, Idaho, Indiana, Michigan,
Oregon, Tennessee, Washington, Wisconsin, and Wyoming) have
enacted RUFADAA, and at least 18 other states have introduced
RUFADAA legislation this year. (NCCUSL, Fiduciary Access to
Digital Assets Act, Revised (2015)
[as of Apr. 16, 2016].)
4. Terms of service agreements
This bill would not change or impair a right of a custodian or a
user under a terms-of-service agreement to access and use
digital assets of a user, and does not give a fiduciary or
designated recipient any new or expanded rights other than those
held by the user for whom, or for whose estate or trust, the
fiduciary or designated recipient acts or represents. This bill
would provide that a fiduciary's or designated recipient's
access to digital assets may be modified or eliminated by a
user, by federal law, or by a terms-of-service agreement when
the user has not provided any direction, as specified.
As discussed under Comment 2, provider terms of service
agreements establish varying degrees of release of account
�
AB 691 (Calderon)
Page 20 of ?
content. Some providers state that upon the user's death, the
account contents are non-transferrable, while others provide
some degree of content disclosure to family of the deceased
user. These terms of service agreements may also include choice
of law and forum clauses that limit the user's ability to file
an action against the electronic information provider. For
example, Yahoo specifies that any and all claims, causes of
action or disputes (regardless of theory) arising out of or
relating to the terms of service, or the relationship between
the user and Yahoo, shall be brought exclusively in the courts
located in the county of Santa Clara, California or the U.S.
District Court for the Northern District of California. (Yahoo,
Terms of Service, General Information, Choice of Law and Forum
[as of Apr. 16, 2016].)
Although the terms of service agreement may provide a choice of
law or forum clause, this bill specifically permits, pursuant to
the definition of "court" provided in this bill, the decedent's
fiduciary to file an action to compel disclosure of digital
assets in the superior court presiding over the probate
proceedings initiated to administer the decedent's estate or, if
none, the superior court in the county of the decedent's
domicile.
5. Privacy protections
This bill would provide protections for a deceased user's
private electronic communications by establishing the
circumstances under which the custodian of the electronic
communications could disclose those communications. This bill
would establish a three-tier priority system for determining the
user's intent for disclosure of his or her electronic
communications.
First in priority, the bill would authorize disclosure pursuant
to the user's designation through an online tool. This tool
would provide the most current reflection of the user's intent
for disclosure to another person. Second, the user can provide
directions in an estate plan for the disposition of the user's
digital assets. The custodian would then be able to rely on the
testamentary document containing these disclosure instructions,
which would then have legal effect pursuant to this bill.
�
AB 691 (Calderon)
Page 21 of ?
If the user did not provide any direction regarding disclosure
of digital assets, the terms-of-service governing the account
would apply. If the terms-of-service do not address fiduciary
access to digital assets, the default rules provided in the bill
would apply. (NCCUSL, Revised Uniform Fiduciary Access to
Digital Assets Act (2015) (Mar. 8, 2015)
[as of
Apr. 16, 2016] p. 11.)
6. Fiduciary duties
A decedent's fiduciary has a duty to the decedent to execute the
terms of the decedent's testamentary documents. The fiduciary
is also subject to multiple statutory duties, including care and
loyalty, to the beneficiaries of the decedent's estate or trust.
A decedent's fiduciary is also required to keep the
beneficiaries reasonably informed and fully disclose all
material information necessary to protect the beneficiaries'
interests. In addition to the duties of care and loyalty, this
bill would also establish the fiduciary's duty of
confidentiality.
As stated by the author, most people expect the contents of
their electronic communications to remain private after they
pass away, and the recipients and senders of those messages
likely expect the same. To the extent the decedent limits
access to his or her electronic information so that the
information is only disclosable to or accessible by the
fiduciary, either through the online tool or pursuant to
testamentary documents, this bill inherently incorporates the
decedent's expectation that the fiduciary will maintain the
decedent's confidentiality upon receiving the electronic
information.
Arguably, the duty of confidentiality provision goes to the
heart of the privacy concerns this bill seeks to address. Since
the fiduciary would only be able to receive the content of or
access to the electronic communications pursuant to the
decedent's online designation, authorization in a testamentary
document, or by court order for the purpose of administering the
decedent's trust or estate, this provision effectively resolves
much of the concern regarding disclosure of the decedent's
confidential electronic communications. However, the duty of
�
AB 691 (Calderon)
Page 22 of ?
confidentiality may conflict with the fiduciary's duty to
disclose material information to the beneficiaries. In the
event the beneficiaries seek information obtained by the
fiduciary from the custodian that the fiduciary believes is
confidential and not pertinent to the administration of the
estate or the trust, the fiduciary could petition the court for
instructions on whether the fiduciary has to disclose the
information to the beneficiaries.
7. Custodian immunity from liability
This bill would make a custodian and its officers, employees,
and agents immune from liability for an act or omission done in
good faith and compliance with the RUFADAA. According to
comments pertaining to this provision provided in RUFADAA:
This section establishes that custodians are protected from
liability when they act in accordance with the procedures of
this act and in good faith. The types of actions covered
include disclosure as well as transfer of copies. The
critical issue in conferring immunity is the source of the
liability. Direct liability is not subject to immunity;
indirect liability is subject to immunity.
Direct liability could only arise from noncompliance with a
judicial order issued under sections 7 to 15. Upon
determination of a right of access under those sections, a
court may issue an order to grant access under section 16.
Section 16(b) requires that an order directing compliance
contain a finding that compliance is not in violation of 18
U.S.C. Section 2702. Noncompliance with that order would give
rise to liability for contempt. There is no immunity from
this liability.
Indirect liability could arise from granting a right of access
under this act. Access to a digital asset might invade the
privacy or [] harm the reputation of the decedent, protected
person, principal, or settlor, it might harm the family or
business of the decedent, protected person, principal, or
settlor, and it might harm other persons. The grantor of
access to the digital asset is immune from liability arising
out of any of these circumstances if the grantor acted in good
faith to comply with this act. If there is a judicial order
under section 16, compliance with the order establishes good
�
AB 691 (Calderon)
Page 23 of ?
faith. Absent a judicial order under section 16, good faith
must be established by the grantor's assessment of the
requirements of this act.
Further, Section 16 (e) allows the custodian to verify that
the account belongs to the person represented by the
fiduciary. (NCCUSL, Revised Uniform Fiduciary Access to
Digital Assets Act (2015) (Mar. 8, 2015)
[as of Apr. 16, 2016] p. 30.)
Accordingly, the intent of the custodian immunity provided in
this bill is to protect the custodian from liability for
disclosure of a digital asset as long as the custodian was
acting in good-faith compliance with a judicial order requiring
disclosure of the digital assets. On the other hand, these
comments make clear that the custodian would not be immune from
direct liability due to noncompliance with a judicial order.
8. Electronic signatures
This bill establishes procedures relevant to electronic records.
The Electronic Signatures in Global and National Commerce Act
(E-SIGN) (15 U.S.C. Sec. 7001 et seq.) establishes legal parity
between electronic records and signatures and their paper and
ink counterparts. (R. A. Wittie, J. K. Winn, Electronic Records
and Signatures Under the Federal E-SIGN Legislation and the UETA
[as of Apr.
16, 2016].) To the extent a state law effectively deviates from
E-SIGN's requirements for electronic transactions, E-SIGN
provides a two-prong approach for an exemption to preemption of
the state law. The second prong, relevant to this bill,
requires all of the following:
the alternative procedures or requirements are consistent with
E-SIGN;
as compared to E-SIGN, those procedures or requirements do not
require or give greater legal status or effect to
implementation or application of a specific technology or
technical specification for the functions of creating,
storing, generating, receiving, communicating, or
authenticating electronic records or electronic signatures;
and
the state law specifically refers to E-SIGN. (15 U.S.C. Sec.
�
AB 691 (Calderon)
Page 24 of ?
7002(a)(2).)
After the enactment of E-SIGN, NCCUSL took steps to protect its
uniform laws from E-SIGN preemption claims. To meet the second
prong of E-SIGN's preemption test and provide a defense against
such claims, NCCUSL created a standard provision (known as "the
Standard Section") for its uniform acts that provide for
electronic records, agreements, or signatures. The Standard
Section has already been included in a number of uniform acts
enacted by California, and is also included in this bill.
(Study L-750, Staff Memorandum 2013-14, Uniform Adult
Guardianship and Protective Proceedings Jurisdiction Act:
E-SIGN (Mar. 28, 2013) Cal. Law Revision Comm.
[as of Apr. 16,
2016] pp. 7-9.)
9. Opposition's concerns
A coalition of privacy stakeholders are opposed to this bill and
argue that the prior version of the bill, which would have
adopted a different approach to the same problem by establishing
the Privacy Expectation Afterlife and Choices Act (PEAC), was
superior to the current version of the bill. The opposition
states that, despite repeated requests and inquiries since last
September, they were not included in any subsequent discussions
of the bill. As a result, the opposition contends that serious
privacy implications have not been adequately considered or
addressed. The opposition urges the author to amend the bill
to: (1) require fiduciaries to specify the account for which
they are requesting records and provide an affidavit to the
custodian that the disclosure of the user's digital assets is
reasonably necessary for estate administration; (2) clarify
accessibility to the decedent's account or digital assets; (3)
clarify several definitions, including custodian, which is
currently overbroad and could apply to public libraries that
provide computers for public use; and (4) clarify that the bill
does not require a custodian to access a password protected or
encrypted account where the custodian does not already have such
access.
Support : AOL; California Bankers Association; California
Chamber of Commerce; CompTIA; Google; Internet Association;
State Privacy and Security Coalition, Inc.; Yahoo
�
AB 691 (Calderon)
Page 25 of ?
Opposition : American Civil Liberties Union of California;
Consumer Federation of California; Consumer Watchdog; Electronic
Frontier Foundation; Privacy Rights Clearinghouse
HISTORY
Source : Facebook; TechNet
Related Pending Legislation : None Known
Prior Legislation :
SB 849 (Anderson, 2014) See Background.
AB 5 (Evans, Chapter 5, Statutes of 2009) See Background.
Prior Vote :
Senate Judiciary Committee (Ayes 7, Noes 0)
Senate Judiciary Committee (Ayes 6, Noes 0)
Assembly Floor (Ayes 79, Noes 0)
Assembly Privacy and Consumer Protection Committee (Ayes 11,
Noes 0)
Assembly Judiciary Committee (Ayes 10, Noes 0)
**************