Digital Assets: The Estate Planning Gap Most Families Don’t See Coming

For many of us, our most important records, memories, financial information, and personal communications no longer exist in filing cabinets or safes. They exist online.

Email accounts contain tax records and financial statements. Phones contain photos, authentication apps, passwords, and family memories. Cloud storage may contain estate documents, business records, or cryptocurrency recovery information. Subscription services automatically renew. Social media accounts continue operating after death. Banking and investment accounts increasingly require digital verification methods.

Yet many of our estate plans still do not adequately address digital assets.

That gap can create major problems for our surviving spouses, children, trustees, executors, and other fiduciaries.

The legal framework designed to address these issues is called the Revised Uniform Fiduciary Access to Digital Assets Act, commonly known as RUFADAA. It attempts to balance two competing concerns: the privacy rights of the account owner and the legitimate administrative needs of fiduciaries and heirs. Importantly, RUFADAA does not automatically guarantee full access to someone’s digital life.

Why Does This Matter?

Many people assume surviving family members can simply contact a company and gain access to an account after someone dies. In practice, the experience can be extremely difficult.

Every company has its own terms of service, internal policies, documentation requirements, and privacy standards. Some providers are more cooperative than others. Some will only memorialize an account. Others may permanently delete data rather than provide access.

Even when family members have death certificates, probate documentation, and legal authority, providers may still deny access to account contents.

This can become a practical nightmare for survivors, especially if a provider cites its terms and conditions to deny access to critical information like a loved one’s email account. Losing access to email means being locked out of password reset, multi-factor authentication, security alert, tax document, billing notification, and account recovery messages, making it much harder to identify assets, locate subscriptions, recover online accounts, access financial records, determine recurring obligations, and obtain cryptocurrency information.

Crypto is particularly fraught with pitfalls, as missing information like wallet credentials, seed phrases, authentication apps, password vaults, or recovery emails can lead to the loss of accounts. Unlike traditional financial institutions, there may be no customer service department capable of restoring access, and millions of dollars of wealth have evaporated simply due to lost credentials.

RUFADAA: Legacy Contact & Estate Documentation

By granting specific permissions in advance, we can greatly ease access and management of our digital assets, which can be done by using native legacy contacts and updating our estate planning documents. 

Legacy Contacts

 A legacy contact is a person identified as the next owner of the account.  By naming a legacy contact within an online tool, we can determine who receives access, whether accounts are deleted, whether data is shared, and what information remains private. The most common legacy contacts include Google Inactive Account Manager, Apple Legacy Contact, Facebook Legacy Contact, and some password managers.

Under RUFADAA, permissions granted in online tools take priority over estate planning documents, so using them is a good first step in protecting our digital assets. It is also important to be aware of their limitations. For example, Apple has stated that Legacy Contacts do not receive access to Keychain passwords, payment information, licensed media, and certain encrypted data.

The Keychain limitation could be especially challenging if we rely on Apple as our primary password repository. This is one reason many professionals recommend using a dedicated password manager with a documented succession and recovery strategy instead of relying solely on device-based password storage.

Estate Planning Documents

 While legacy tools are helpful, only a handful of companies offer them. To grant access to the rest of our digital assets, we need to include explicit permission in our estate planning documents.

Many older wills, trusts, and powers of attorney were drafted before digital assets became central to modern life. These documents may contain broad language authorizing fiduciaries to manage “property” or “assets,” but never specifically address:

•  Digital assets

• Electronic communications

• Email content

• Cloud storage

• Online accounts

• Password management

• Cryptocurrency access

That omission matters. Federal privacy laws, particularly the Stored Communications Act (SCA), can limit a provider’s ability to disclose the content of electronic communications unless the user gave lawful consent.

As a result, many estate planning attorneys now recommend that wills, trusts, and powers of attorney should:

• Reference RUFADAA or applicable digital asset laws

• Grant express consent for disclosure of electronic communications

• Authorize fiduciaries to access, archive, transfer, modify, or delete digital assets

• Address digital accounts separately from traditional property

Digital Hygiene: Password Managers & Digital Inventory

While not specific to RUFADAA, password management has become one of the most important aspects of estate planning. A well-designed password strategy and account and device inventories can significantly reduce administrative burdens after death or incapacity. 

As noted above, there are limitations to device-based password managers.  Using a stand-alone password manager may provide more continuity, especially those providers who have their own legacy contact methods (see 1Password’s Emergency Kit or Roboform’s Emergency Access).

It is also helpful to maintain a list of important accounts, password recovery methods, devices (computers, tablets, phones, smart watches, fitness devices, etc.), authentication applications, and cryptocurrency storage procedures.

Conclusion

 Many families do not discover digital estate planning problems until they are already dealing with grief, probate administration, or incapacity.

By then, missing access credentials and restrictive provider policies can create costly and irreversible consequences.

Avoid these pitfalls by:

• Using legacy contacts, while recognizing their limitations.

• Ensuring estate documents have attorney-approved language related to RUFADAA and express consent to access digital assets.

• Using a stand-alone password manager and confirming survivors will be able to access it.

• Creating an inventory of digital assets, devices, and access methods.

The goal of digital estate planning is not to eliminate every challenge.

It is to reduce friction, improve recoverability, and give fiduciaries the legal authority necessary to manage an increasingly digital world.