Can you imagine all of the things you’ll leave behind when your time is finally up? Heirlooms? Property? Other ‘tangibles’? Now just have a think about all of the digital assets you’re likely to leave for loved ones to manage. Email accounts, shared photos, passwords, playlists, social media profiles and smart devices. The difference is that these may be completely inaccessible once you’re gone, complicating what is already a traumatic process for friends and family. Worse, your digital estate might even be a target for nefarious actors.

It’s worth knowing exactly how to prepare and protect your digital legacy and what else you can do ahead of time to reduce the emotional and physical workload for your loved ones. And what happens next if you’re suddenly plunged into the same situation.

What does the law say?

One of the biggest challenges comes with social media and password management. While banks, tax agencies and card companies have well-rehearsed processes for dealing with the closure of accounts after death, many digital-first companies still treat death as an “edge case,” according to the OpenID Foundation. From a legal perspective, inheritance laws often don’t include digital assets, online policies can be “opaque” and tools fragmented, it says.

Here’s what the state of play is in three key regions:

  • United States: The Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) is meant to help in cases like this. But often it results in loved ones being forced to navigate what can be idiosyncratic platform terms of service (ToS).
  • United Kingdom: Experts warn that, unless they plan ahead, families are often left unable to access accounts because platform providers simply refuse. However, a proposed Property (Digital Assets, etc.) Bill aims to classify digital assets as personal property, ensuring they can be included in wills and subject to inheritance laws.
  • Europe: The European Law Institute is trying to harmonize laws across the region, so there are clear guidelines for inheriting digital remains and protecting the information in accounts.

What’s at risk?

For bereaved friends and family, the emotional sucker punch of losing a loved one can be cruelly amplified if they’re unable to retrieve the digital remains of the deceased. Even worse if social media algorithms surface unwanted reminders in the form of birthday notifications or tagged photos. There’s also a financial impact if you can’t access crypto and other assets that are rightfully yours. Or if subscriptions you can’t cancel start whittling down your loved one’s funds.

But there’s more. Fraudsters have also spotted an opportunity to make money. First, they’ll scour obituaries and social media posts for personal details with which to impersonate the deceased in:

  • Attempts to deceive credit card companies into opening new lines of credit
  • Tax fraud, where returns are filed in the deceased’s name to claim refunds

The challenge for banks and government agencies is that, once the victim is not actively monitoring their accounts, this kind of fraud can continue for much longer than it would otherwise.

Alternatively, scammers might target the family of a recently departed individual. For example, they might scrape footage of them from the web to create posthumous deepfakes requesting money or information from shell-shocked relatives. Or they could hijack the deceased’s social accounts to do the same. They might even impersonate an insurance company to request payment of a fee in order to release life insurance funds. Or they might pose as a fictitious “account recovery” service provider claiming they can access your loved one’s digital assets for a fee.

What you can do to manage risk

The first thing to do is get your estate planning in order, or sit down with a loved one to sort theirs. Make a digital inventory of all important accounts, devices and assets, including their logins. This could be complicated if they’re/you’re using passkeys and/or digital wallets to store passwords. But it’s a start.

It’s important to understand that, while most big tech companies offer the ability to transfer access to a “legacy contact,” if you don’t take advantage of this before passing on, the chances are that no one will be able to access your accounts. The main services/features are:

You should also be aware, however, that permissions for the above may be restricted, limiting what you can access and do once inside. But it should at least be possible to secure them, or shut them completely. That’s assuming you don’t need them to receive one-time passwords.

Next, mitigate financial fraud by filing the deceased’s tax return, putting a “deceased alert” on their credit reports across all bureaus, and monitoring for any unusual activity. Cancel their driver’s license and freeze their bank/credit card accounts, deleting them once safe to do so. Cancel any ongoing subscriptions you find.

Finally, avoid sharing too much information in the obituary as fraudsters may be monitoring. And be sure all friends and family members are alert to possible scams.

The worst of times

The above may be easier said than done, especially if you’re preoccupied by your own grief, and the multitude of things to do in the aftermath of a loved one’s passing. That’s why it’s important to plan ahead as much as possible, with legacy contact outreach to the major tech platforms. And to understand exactly what digital scams might look like at this emotionally charged time.

The OpenID Foundation is calling for action from policymakers, tech platforms and standards bodies to make the process easier, more watertight and less traumatic for survivors. But in the meantime, the best you can do will have to do. Even by talking about it, you’re taking a step in the right direction.