Update: UFADAA Takes Effect, EU US Safe Harbor, and the Defend Trade Secrets Act
The Act is intended to address the treatment of “digital assets” upon the death, incapacity or absence of the persons who own such assets. The classic example is the Facebook account that persists upon the death of the named account holder (there are reportedly 30 million such accounts containing photos, videos and communications that belong to persons who have died). Millions of individuals in Washington State have some type of online account. These accounts are used to communicate, pay bills, conduct business, create online personalities, and even date. Because many individuals protect such accounts by limiting access to themselves only, accounts with protected passwords can create problems when the account holder dies because no one has access to the passwords.
As a result, the state legislature adopted UFADAA to control access to such digital assets in the event of death, incapacity, or absence, including online accounts and information, documents, or media stored on one’s computer. These include photos, videos, music, medical records, legal or financial documents, web sites, blogs, social media accounts, banking information, business accounts, software (Word, Excel, Turbo Tax, Quicken); stored information on a hard drives, backup drives, CD, DVD, or thumb drive; online e-mail, bank, brokerage, financial, shopping, and travel accounts; and online gaming pieces, photos, digital music, client lists, bitcoin, and even digital art.
Businesses that are custodians of other people’s digital assets should establish policies regarding the preservation/destruction and possible disclosure of digital assets upon the death, absence or incapacity of the owners. UFADAA includes a tiered approach (described below) whereby account holders and custodians are free to override statutory presumptions through the use of an online tool, allowing custodians to charge the reasonable cost of providing records to those requesting them.
In case of conflicting instructions regarding management and disposition of digital assets, the act provides a three-tiered system of priorities:
If the custodian provides an online tool, separate from the general terms of service, that allows the user to name another person to have access to the user’s digital assets or to direct the custodian to delete the user’s digital assets, UFADAA gives effect to the user’s online instructions.
If the custodian does not provide an online planning option, or if the user declines to use the online tool provided, the user may give legally enforceable directions for the disposition of digital assets in a will, trust, power of attorney, or other written record.
If the user has not provided any direction, either online or in a traditional estate plan, the terms of service for the user’s account will determine whether a fiduciary may access the user’s digital assets. If the terms of service do not address fiduciary access, the default rules of UFADAA will apply.
In effect, if an online tool is made available and used by the account holder, it trumps all other directions regarding the preservation and disposition of digital assets.
UFADAA balances the user’s privacy interest with the fiduciary’s need for access by making a distinction between the “content of electronic communications,” the “catalogue of electronic communications,” and other types of digital assets.
The content of electronic communications includes the subject line and body of a user’s email messages, text messages, and other messages between private parties. A fiduciary may never access the content of electronic communications without the user’s consent or court order. When necessary, a fiduciary may have a right to access a catalogue of the user’s electronic communications – essentially a list of communications showing the addresses of the sender and recipient, and the date and time the message was sent.
For example, the executor of a decedent’s estate may need to access a catalogue of the decedent’s communications in order to compile an inventory of estate assets. If the executor finds that the decedent received a monthly email message from a particular bank or credit card company, the executor can contact that company directly and request a statement of the decedent’s account.
The Act does not grant employees any rights over digital assets of an employer used in the ordinary course of the employer’s business. However, it is important for employers to draft and enforce procedures governing the creation and maintenance of online accounts by employees that may contain developments (such as software, video, music, web sites, graphics, architectural drawings, photos), documents and online accounts, (such as Twitter and Facebook). Otherwise, employers may find their digital assets being disclosed and possibly distributed to their employees’ and contractors’ fiduciaries.
Under the Act, a fiduciary is a trusted person with the legal authority to manage another’s property, and the duty to act in that person’s best interest. The revised Act addresses four common types of fiduciaries:
Executors or administrators of deceased persons’ estates (think “family member” of the account holder);
Court-appointed guardians or personal representatives of incapacitated persons’ estates (again, often family members);
Agents appointed under powers of attorney; and (general Powers of Attorney are often drawn up for family members when they will be out of the country or hard to reach)
Trustees.
Under revised UFADAA Section 15, fiduciaries are subject to the same fiduciary duties that normally apply to tangible assets. Thus, for example, an executor may not publish the decedent’s confidential communications or impersonate the decedent by sending email from the decedent’s account. A fiduciary’s management of digital assets may also be limited by other law. For example, a fiduciary may not copy or distribute digital files in violation of copyright law, and may not exceed the user’s authority under the account’s terms of service.
In order to gain access to digital assets, revised UFADAA requires a fiduciary to send a request to the custodian, accompanied by a certified copy of the document granting fiduciary authority, such as a letter of appointment, court order, or certification of trust. Custodians of digital assets that receive an apparently valid request for access are immune from any liability for acts done in good faith compliance.
Privacy – EU-US Safe Harbor
The European Commission has approved the new trans-Atlantic data transfer framework called Privacy Shield and the Commerce Department will begin accepting Certifications August 1. Companies that transfer personally identifying information (PII) regarding EU citizens to the US must comply with the terms of this framework (or Binding Corporate Rules). This is a replacement of the Safe Harbor framework which was struck down in October of last year.
The Commerce Department will begin accepting certifications from US Companies on August 1. Under the completed deal, companies will have to delete personally identifying data that no longer serves the purpose it was collected for and will oblige third party companies processing data from Privacy Shield firms to guarantee the same level of protection as the companies who have directly signed up to the framework.
[Even with the agreed changes, the new framework is likely to be tested in court, and it may take several years to determine that the agreement has fully “settled.”]
In light of Brexit, the U.K. is likely to have to mirror much of the legislation in its own data-sharing pacts with the U.S. and the E.U., which could take a number of years to formulate.
The US Commerce Department has issued the following fact-sheet regarding the newly approved Privacy Shield: https://www.commerce.gov/sites/commerce.gov/files/media/files/2016/fact_sheet-_eu-us_privacy_shield_7-16_sc_cmts.pdf
The full text of the rules can be found at https://www.commerce.gov/sites/commerce.gov/files/media/files/2016/eu_us_privacy_shield_full_text.pdf.pdf
Defend Trade Secrets Act
On May 11, 2016, President Obama signed into law the Defend Trade Secrets Act of 2016 (“DTSA”), which amends the Economic Espionage Act of 1996 to provide a federal cause of action for trade secret misappropriation. The DTSA became effective immediately, but only applies to misappropriation occurring on or after the law’s effective date. The law is intended to address some lack of uniformity in state trade secret legislation, address non-uniform state court interpretation of the Uniform Trade Secrets Act, allow litigants to file suit in federal court regardless of the amount in controversy, and to provide for seizure of property required “to prevent the propagation or dissemination of the trade secret” without a hearing as long as the party whose property was seized is given the opportunity for a hearing soon afterwards (typically within seven days).
Employers may wish to modify certain standard agreements. The DTSA protects whistleblowers from criminal or civil liability for disclosing a trade secret if the disclosure is made in confidence to a government official or to an attorney for the purpose of reporting a violation of law and requires employers to provide employees and contractors notice of the new immunity provision in all contracts or agreements that govern the use of a trade secret or other confidential information. Failure to comply means that the employer may not recover exemplary damages or attorney fees in an action brought under the DTSA (though employers would presumably still be able to pursue their rights under state trade secret laws). Given the potential benefit of filing in federal court and potential for obtaining an ex parte seizure, employers should contact their attorney to discuss whether to add the notices to their standard agreements, including employment agreements, independent contractor agreements, consulting agreements, separation and release of claims agreements, severance agreements, proprietary rights agreements and employee/contractor confidentiality agreements.
NOTICE: The materials you find on this web site have been prepared by Karr Tuttle Campbell to provide information about the services we offer to our clients and to provide information of general interest about a variety of legal subjects. This information is not intended as legal advice or as a substitute for the particularized advice of your own counsel and should not be relied upon as such. The advice appropriate for you will be dependent upon the particular facts and circumstances of your situation. The transmission or receipt of this information does not create an attorney-client relationship.
Copyright © 2016 Karr Tuttle Campbell