§ 36F-1. Short title.

This Chapter may be cited as the Revised Uniform Fiduciary Access to Digital Assets Act.

History. 2016-53, s. 1.

Editor’s Note.

Official Comments in Chapter 36: Copyright 2015 by the National Conference of Commissioners on Uniform State Laws.

Session Laws 2016-53, s. 11, is a severability clause.

Session Laws 2016-53, s. 12, made this chapter effective June 30, 2016.

North Carolina Comment

Chapter 36F of the General Statutes contains substantially the text of the Revised Uniform Access to Digital Assets Act (2015). Most of the variations from the Uniform Law Commission’s text conform to this State’s numbering system and its stylistic drafting conventions and are not separately noted. No change from the Uniform Act’s meaning was intended. By way of example, the designators “a.,” “b.,” and “c.” were substituted at the sub-subdivision level for the designators “(A),” “(B),” and “(C),” the definitions section and the sections with lists were reformatted and the introductory and other language altered to account for the reformatting, and the words “of this section” (or subsection, subdivision, etc.) were added after internal references to subunits of an individual section throughout the Chapter. The designation “(2015)” was not included in the title simply to avoid confusion since the law was enacted in this State in 2016.

Legal Periodicals.

For article, “The Lawyer’s Cryptionary: A Resource for Talking to Clients about Crypto-transactions,” see 41 Campbell L. Rev. 47 (2019).

§ 36F-2. Definitions.

The following definitions apply in this Chapter:

  1. Account. — An arrangement under a terms-of-service agreement in which a custodian carries, maintains, processes, receives, or stores a digital asset of the user or provides goods or services to the user.
  2. Agent. — An attorney-in-fact granted authority under a durable or nondurable power of attorney.
  3. Carries. — Engages in the transmission of an electronic communication.
  4. Catalogue of electronic communications. — Information that identifies each person with which a user has had an electronic communication, the time and date of the communication, and the electronic address of the person.
  5. Reserved.
  6. Content of an electronic communication. — Information concerning the substance or meaning of the communication which meets all of the following:
    1. Has been sent or received by a user.
    2. Is in electronic storage by a custodian providing an electronic-communication service to the public or is carried or maintained by a custodian providing a remote-computing service to the public.
    3. Is not readily accessible to the public.
  7. Court. — The clerk of superior court or superior court judge, as provided in G.S. 1-7, or other court having competent jurisdiction over the estate, trust, fiduciary, or user, as applicable, or other matters relating to the content of this Chapter.
  8. Custodian. — A person that carries, maintains, processes, receives, or stores a digital asset of a user.
  9. Designated recipient. — A person chosen by a user using an online tool to administer digital assets of the user.
  10. Digital asset. — An electronic record in which an individual has a right or interest. The term does not include an underlying asset or liability unless the asset or liability is itself an electronic record.
  11. Electronic. — Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
  12. Electronic communication. — Has the meaning set forth in 18 U.S.C. § 2510(12).
  13. Electronic-communication service. — A custodian that provides to a user the ability to send or receive an electronic communication.
  14. Fiduciary. — An original, additional, or successor personal representative, guardian, agent, or trustee.
  15. Guardian. — A person appointed by a court to manage the estate of a living individual. The term includes a general guardian, a guardian of the estate, an interim guardian, and a standby guardian appointed under Chapter 35A of the General Statutes.
  16. Information. — Data, text, images, videos, sounds, codes, computer programs, software, databases, or the like.
  17. Online tool. — An electronic service provided by a custodian that allows the user, in an agreement distinct from the terms-of-service agreement between the custodian and user, to provide directions for disclosure or nondisclosure of digital assets to a third person.
  18. Person. — An individual, estate, business or nonprofit entity, public corporation, government or governmental subdivision, agency, instrumentality, business trust, partnership, limited liability company, association, joint venture, or any other legal or commercial entity.
  19. Personal representative. — An executor, administrator, special administrator, or person that performs substantially the same function under a law of this State other than this Chapter.
  20. Power of attorney. — A record that grants an agent authority to act in the place of a principal.
  21. Principal. — An individual who grants authority to an agent in a power of attorney.
  22. Reserved.
  23. Record. — Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
  24. Remote-computing service. — A custodian that provides to a user computer-processing services or the storage of digital assets by means of an electronic-communications system, as defined in 18 U.S.C. § 2510(14).
  25. Terms-of-service agreement. — An agreement that controls the relationship between a user and a custodian.
  26. Trustee. — A fiduciary with legal title to property under an agreement or declaration that creates a beneficial interest in another. The term includes an original, additional, and successor trustee, whether or not confirmed by a court.
  27. User. — A person that has an account with a custodian.
  28. Ward. — An individual for whom a guardian has been appointed. The term includes an individual for whom an application for the appointment of a guardian is pending.
  29. Will. — Includes a codicil, a testamentary instrument that only appoints an executor, and an instrument that revokes or revises a testamentary instrument.

History. 2016-53, s. 1; 2017-102, s. 12.1(a).

OFFICIAL COMMENT

Many of the definitions are based on those in the Uniform Probate Code: agent (UPC Section 1-201(1)), conservator (UPC Section 5-102(1)), court (UPC Section 1-201(8)), electronic (UPC Section 5B-102(3)), fiduciary (UPC Section 1-201(15)), person (UPC Section 5B-101(6)), personal representative (UPC Section 1-201(35)), power of attorney (UPC Section 5B-102(7)), principal (UPC Section 5B-102(9)), protected person (UPC Section 5-102(8)), record (UPC Section 1-201(41)), and will (UPC Section 1-201(57)). The definition of “information” is based on that in the Uniform Electronic Transactions Act, Section 2, subsection (11). Many of the other definitions are either drawn from federal law, as discussed below, or are new for this act.

The definition of “account” is broadly worded to encompass any contractual arrangement subject to a terms-of-service agreement, but limited for the purpose of this act by the requirement that the custodian carry, maintain, process, receive, or store a digital asset of the user.

The definition of “digital asset” expressly excludes underlying assets such as funds held in an online bank account. Because records may exist in both electronic and non-electronic formats, this definition clarifies the scope of the act and the limitation on the type of records to which it applies. The term includes types of electronic records currently in existence and yet to be invented. It includes any type of electronically-stored information, such as: 1) information stored on a user’s computer and other digital devices; 2) content uploaded onto websites; and 3) rights in digital property. It also includes records that are either the catalogue or the content of an electronic communication. See 18 U.S.C. Section 2702(a)(2); James D. Lamm, Christina L. Kunz, Damien A. Riehl and Peter John Rademacher, The Digital Death Conundrum: How Federal and State Laws Prevent Fiduciaries from Managing Digital Property, 68 U. Miami L. Rev. 385, 388 (2014) (available at: http://goo.gl/T9jX1d).

The term “catalogue of electronic communications” is designed to cover log-type information about an electronic communication such as the email addresses of the sender and the recipient, and the date and time the communication was sent.

The term “content of an electronic communication” is adapted from 18 U.S.C. Section 2510(8), which provides that content: “when used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication.” The definition is designed to cover only content subject to the coverage of Section 2702 of the Electronic Communications Privacy Act (ECPA), 18 U.S.C. Section 2510 et seq.; it does not include content not subject to ECPA. Consequently, the “content of an electronic communication”, as used later throughout Revised UFADAA, refers only to information in the body of an electronic message that is not readily accessible to the public; if the information were readily accessible to the public, it would not be subject to the privacy protections of federal law under ECPA. See S. Rep. No. 99-541, at 36 (1986). Example: X uses a Twitter account to send a message. If the tweet is sent only to other people who have been granted access to X’s tweets, then it meets Revised UFADAA’s definition of “content of an electronic communication.” But, if the tweet is completely public with no access restrictions, then it does not meet the act’s definition of “content of an electronic communication.” ECPA does not apply to private e-mail service providers, such as employers and educational institutions. See 18 U.S.C. Section 2702(a)(2); James D. Lamm, Christina L. Kunz, Damien A. Riehl and Peter John Rademacher, The Digital Death Conundrum: How Federal and State Laws Prevent Fiduciaries from Managing Digital Property, 68 U. Miami L. Rev. 385, 404 (2014) (available at: http://goo.gl/T9jX1d).

A “user” is a person that has an account with a custodian, and includes a deceased individual that entered into the agreement while alive. A fiduciary can be a user when the fiduciary opens the account.

The definition of “carries” is drawn from federal law, 47 U.S.C. Section 1001(8).

A “custodian” includes any entity that provides or stores electronic data for a user.

The fiduciary’s access to a record defined as a “digital asset” does not mean the fiduciary owns the asset or may engage in transactions with the asset. Consider, for example, a fiduciary’s legal rights with respect to funds in a bank account or securities held with a broker or other custodian, regardless of whether the bank, broker, or custodian has a brick-and-mortar presence. This act affects electronic records concerning the bank account or securities, but does not affect the authority to engage in transfers of title or other commercial transactions in the funds or securities, even though such transfers or other transactions might occur electronically. Revised UFADAA only deals with the right of the fiduciary to access all relevant electronic communications and digital assets accessible through the online account. An entity may not refuse to provide access to online records any more than the entity can refuse to provide the fiduciary with access to hard copy records.

An “electronic communication” is a particular type of digital asset subject to the privacy protections of the Electronic Communications Privacy Act. It includes email, text messages, instant messages, and any other electronic communication between private parties. The definition of “electronic communication” is that set out in 18 U.S.C. Section 2510(12): “electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include-

(A) any wire or oral communication;

(B) any communication made through a tone-only paging device;

(C) any communication from a tracking device (as defined in section 3117 of this title); or

(D) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds.

The definition of “electronic-communication service” is drawn from 18 U.S.C. Section 2510(15): “any service which provides to users thereof the ability to send or receive wire or electronic communications.” The definition of “remote-computing service” is adapted from 18 U.S.C. Section 2711(2): “the provision to the public of computer storage or processing services by means of an electronic communications system.” The definition refers to 18 U.S.C. Section 2510(14), which defines an electronic communications system as: “any wire, radio, electromagnetic, photooptical or photoelectronic facilities for the transmission of wire or electronic communications, and any computer facilities or related electronic equipment for the electronic storage of such communications.”

A “fiduciary” under this act occupies a status recognized by state law, and a fiduciary’s powers under this act are subject to the relevant limits established by other state laws.

An “online tool” is a mechanism by which a user names an individual to manage the user’s digital assets after the occurrence of a future event, such as the user’s death or incapacity. The named individual is referred to as the “designated recipient” in the act to differentiate the person from a fiduciary. A designated recipient may perform many of the same tasks as a fiduciary, but is not held to the same legal standard of conduct.

The term “record” includes information available on both tangible and electronic media. Revised UFADAA applies only to electronic records.

The “terms-of-service agreement” definition relies on the definition of “agreement” found in UCC Section 1-201(b)(3) (“the bargain of the parties in fact, as found in their language or inferred from other circumstances, including course of performance, course of dealing, or usage of trade”). It refers to any agreement that controls the relationship between a user and a custodian, even though it might be called a terms-of-use agreement, a click-wrap agreement, a click-through license, or a similar term. State and federal law determine capacity to enter into a binding terms-of-service agreement.

North Carolina Comment

The terms “conservator” and “protected person” were changed to terms more familiar to attorneys in this State, “guardian” and “ward.” In the definition of “guardian,” the drafters added a list of the types of guardians that may be appointed under this State’s laws which qualify under this definition. In the definitions of “electronic communication” and “remote computing service,” the bracketed phrase “as amended” was considered unnecessary and accordingly not included. The definition of “person” was changed to include specific references to types of business organizations that may not qualify as entities for all purposes in this State.

Editor’s Note.

This section is set out as it appears in Session Laws 2016-53, s. 1, however, due to a formatting issue some of the text was not underlined in the printed copy of the bill that was actually signed by the Governor. The section has been set out as directed by the Revisor of Statutes, pursuant to G.S. 120-20.1(b2).

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

Effect of Amendments.

Session Laws 2017-102, s. 12.1(a), effective July 12, 2017, deleted “Reserved.” in subdivisions (5) and (21). Those subdivisions continue to be set out as reserved at the direction of the Revisor of Statutes.

§ 36F-3. Applicability.

  1. This Chapter applies to all of the following:
    1. A fiduciary acting under a will or power of attorney executed before, on, or after June 30, 2016.
    2. A personal representative acting for a decedent who died before, on, or after June 30, 2016.
    3. A guardian appointed before, on, or after June 30, 2016.
    4. A trustee acting under a trust created before, on, or after June 30, 2016.
  2. This Chapter applies to a custodian if the user resides in this State or resided in this State at the time of the user’s death.
  3. This Chapter does not apply to a digital asset of an employer used by an employee in the ordinary course of the employer’s business.

History. 2016-53, s. 1.

OFFICIAL COMMENT

This act does not change the substantive rules of other laws, such as agency, banking, conservatorship, contract, copyright, criminal, fiduciary, privacy, probate, property, security, trust, or other applicable law except to vest fiduciaries with authority, according to the provisions of this act, to access or copy digital assets of a decedent, protected person, principal, settlor, or trustee.

Subsection (a)(2) covers the situations in which a decedent dies intestate, so it falls outside of subsection (a)(1), as well as the situations in which a state’s procedures for small estates are used.

Subsection (b) states that custodians are subject to the act if the custodian’s user was a resident of the enacting state. This includes out-of-state custodians, who must respond to requests for access in the same way that out-of-state banks or credit card companies must respond to requests from a fiduciary requesting access to a customer’s account.

Subsection (c) clarifies that the act does not apply to a fiduciary’s access to an employer’s internal email system.

Example 1—Fiduciary access to an employee e-mail account. D dies, employed by Company Y. Company Y has an internal e-mail communication system, available only to Y’s employees, and used by them in the ordinary course of Y’s business. D’s personal representative, R, believes that D used Company Y’s e-mail system to effectuate some financial transactions that R cannot find through other means. R requests access from Company Y to the e-mails.

Company Y is not a custodian subject to the act. Under Section 2(8), a custodian must carry, maintain or store a user’s digital assets. A user, under Section 2(26) must have an account, and an account, in turn, is defined under Section 2(1) as a contractual arrangement subject to a terms-of-service agreement. Company Y, like most employers, did not enter into a terms-of-service agreement with D, so Y is not a custodian.

Example 2—Employee of electronic-communication service provider. D dies, employed by Company Y. Company Y is an electronic-communication service provider. Company Y has an internal e-mail communication system, available only to Y’s employees and used by them in the ordinary course of Y’s business. D used the internal Company Y system. When not at work, D also used an electronic-communication service system that Company Y provides to the public. D’s personal representative, R, believes that D used Company Y’s internal e-mail system as well as Company Y’s electronic-communication system available to the public to effectuate some financial transactions. R seeks access to both communication systems.

As is true in Example 1, Company Y is not a custodian subject to the act for purposes of the internal email system. The situation is different with respect to R’s access to Company Y’s system that is available to the public. Assuming that Company Y can disclose the communications under federal law and R meets the other requirements of this act, Company Y must disclose them to R.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-4. User direction for disclosure of digital assets.

  1. A user may use an online tool to direct the custodian to disclose to a designated recipient or not to disclose some or all of the user’s digital assets, including the content of electronic communications. If the online tool allows the user to modify or delete a direction at all times, a direction regarding disclosure using an online tool overrides a contrary direction by the user in a will, trust, power of attorney, or other record.
  2. If a user has not used an online tool to give direction under subsection (a) of this section or if the custodian has not provided an online tool, the user may allow or prohibit in a will, trust, power of attorney, or other record, disclosure to a fiduciary of some or all of the user’s digital assets, including the content of electronic communications sent or received by the user.
  3. A user’s direction under subsection (a) or (b) of this section overrides a contrary provision in a terms-of-service agreement that does not require the user to act affirmatively and distinctly from the user’s assent to the terms of service.

History. 2016-53, s. 1.

OFFICIAL COMMENT

This section addresses the relationship of online tools, other records documenting the user’s intent, and terms-of-service agreements. In some instances, there may be a conflict between the directions provided by a user in an online tool that limits access by other parties to the user’s digital assets, and the user’s estate planning or other personal documents that purport to authorize access for specified persons in identified situations. The act attempts to balance these interests by establishing a three-tier priority system for determining the user’s intent with respect to any digital asset.

Subsection (a) gives top priority to a user’s wishes as expressed using an online tool. If a custodian of digital assets allows the user to provide directions for handling those digital assets in case of the user’s death or incapacity, and the user does so, that provides the clearest possible indication of the user’s intent and is specifically limited to those particular digital assets.

If the user does not give direction using an online tool, but makes provisions in an estate plan for the disposition of digital assets, subsection (b) gives legal effect to the user’s directions. The fiduciary charged with managing the user’s digital assets must provide a copy of the relevant document to the custodian when requesting access. See Sections 7 through 14.

If the user provides no other direction, the terms-of-service governing the account will apply. If the terms-of-service do not address fiduciary access to digital assets, the default rules provided in this act will apply.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-5. Terms-of-service agreement.

  1. This Chapter does not change or impair a right of a custodian or a user under a terms-of-service agreement to access and use digital assets of the user.
  2. This Chapter does not give a fiduciary or designated recipient any new or expanded rights other than those held by the user for whom, or for whose estate, the fiduciary or designated recipient acts or represents.
  3. A fiduciary’s or designated recipient’s access to digital assets may be modified or eliminated by a user, by federal law, or by a terms-of-service agreement if the user has not provided direction under G.S. 36F-4.

History. 2016-53, s. 1.

OFFICIAL COMMENT

This section clarifies that, to the extent that a custodian gives a fiduciary access to an account pursuant to Section 6, the account’s terms-of-service agreement applies equally to the original user and to a fiduciary acting for the original user. A fiduciary is subject to the same terms and conditions of the user’s agreement with the custodian. This section does not require a custodian to permit a fiduciary to assume a user’s terms-of-service agreement if the custodian can otherwise comply with Section 6.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-6. Procedure for disclosing digital assets.

  1. When disclosing digital assets of a user under this Chapter, the custodian may, at its sole discretion, do any of the following:
    1. Grant a fiduciary or designated recipient full access to the user’s account.
    2. Grant a fiduciary or designated recipient partial access to the user’s account sufficient to perform the tasks with which the fiduciary or designated recipient is charged.
    3. Provide a fiduciary or designated recipient a copy in a record of any digital asset that, on the date the custodian received the request for disclosure, the user could have accessed if the user were alive and had full capacity and access to the account.
  2. A custodian may assess a reasonable administrative charge for the cost of disclosing digital assets under this Chapter.
  3. A custodian need not disclose under this Chapter a digital asset deleted by the user.
  4. If a user directs or a fiduciary requests a custodian to disclose under this Chapter some, but not all, of the user’s digital assets, the custodian need not disclose the assets if segregation of the assets would impose an undue burden on the custodian. If the custodian believes the direction or request imposes an undue burden, the custodian or fiduciary may seek an order from the court to disclose any of the following:
    1. A subset limited by date of the user’s digital assets.
    2. All of the user’s digital assets to the fiduciary or designated recipient.
    3. None of the user’s digital assets.
    4. All of the user’s digital assets to the court for review in camera.

History. 2016-53, s. 1.

OFFICIAL COMMENT

This section governs a custodian’s response to a request for disclosure of a user’s digital assets.

Subsection (a) gives the custodian of digital assets a choice of methods for disclosing digital assets to an authorized fiduciary. Each custodian has a different business model and may prefer one method over another.

Subsection (b) allows a custodian to assess a reasonable administrative charge for the cost of disclosure. This is intended to be analogous to the charge any business may assess for administrative tasks outside the ordinary course of its business to comply with a court order.

Subsection (c) states that any digital asset deleted by the user need not be disclosed, even if recoverable by the custodian. Deletion is assumed to be a good indication that the user did not intend for a fiduciary to have access.

Subsection (d) addresses requests that are unduly burdensome because they require segregation of digital assets. For example, a fiduciary’s request for disclosure of “any email pertaining to financial matters” would require a custodian to sort through the full list of emails and cull any irrelevant messages before disclosure. If a custodian receives an unduly burdensome request of this sort, it may decline to disclose the digital assets, and either the fiduciary or custodian may seek guidance from a court.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-7. Disclosure of content of electronic communications of deceased user.

If a deceased user consented or a court directs disclosure of the contents of electronic communications of the user, the custodian shall disclose to the personal representative of the estate of the user the content of an electronic communication sent or received by the user if the personal representative gives the custodian all of the following:

  1. A written request for disclosure in physical or electronic form.
  2. A certified copy of the death certificate of the user.
  3. A certified copy of letters of administration or letters testamentary of the personal representative, a certified copy of a small estate affidavit filed in accordance with G.S. 28A-25-1(b), a certified copy of a summary administration order described in G.S. 28A-28-3, or a court order.
  4. Unless the user provided direction using an online tool, a copy of the user’s will, trust, power of attorney, or other record evidencing the user’s consent to disclosure of the content of electronic communications.
  5. If requested by the custodian, any of the following:
    1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the user’s account.
    2. Evidence linking the account to the user.
    3. A finding by the court of any of the following:
      1. That the user had a specific account with the custodian, identifiable by the information specified in sub-subdivision a. of this subdivision.
      2. That disclosure of the content of electronic communications of the user would not violate 18 U.S.C. § 2701, et seq., 47 U.S.C. § 222, or other applicable law.
      3. That, unless the user provided direction using an online tool, the user consented to disclosure of the content of electronic communications.
      4. That disclosure of the content of electronic communications of the user is reasonably necessary for administration of the estate.

History. 2016-53, s. 1.

OFFICIAL COMMENT

The Electronic Communications Privacy Act (ECPA) distinguishes between the permissible disclosure of the “content” of an electronic communication, covered in 18 U.S.C. Section 2702(b), and of “a record or other information pertaining to a” subscriber or customer, covered in 18 U.S.C. Section 2702(c); see Matthew J. Tokson, The Content/Envelope Distinction in Internet Law, 50 Wm. & Mary L. Rev. 2105 (2009). Section 7 concerns disclosure of content; Section 8 covers disclosure of non-content and other digital assets of the user.

Content-based material can, in turn, be divided into two types of communications: those received by the user and those sent. Federal law, 18 U.S.C. Section 2702(b) permits a custodian to divulge the contents of a communication “(1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient” or “(3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service.”

Consequently, when the user is the “addressee or intended recipient,” material can be disclosed either to that individual or to an agent for that person, 18 U.S.C. Section 2702(b)(1), and it can also be disclosed to third parties with the “lawful consent” of the addressee or intended recipient. 18 U.S.C. Section 2702(b)(3). Material for which the user is the “originator” (or the “subscriber” to a remote computing service) can be disclosed to third parties only with the user’s “lawful consent.” 18 U.S.C. Section 2702(b)(3). (Note that, when the user is the addressee or intended recipient, material can be disclosed under either (b)(1) or (b)(3), but that when the user is the originator, lawful consent is required under (b)(3).) See the Comments concerning the definition of “content” after Section 2. By contrast to content-based material, non-content material can be disclosed either with the lawful consent of the user or to any person (other than a governmental entity) even without lawful consent. This information includes material about any communication sent, such as the addressee, sender, date ime, and other subscriber data, which this act defines as the “catalogue of electronic communications.” (Further discussion of this issue and examples are set out in the Comments to Section 15, infra. )

Therefore, Section 7 gives the personal representative access to digital assets if the user consented to disclosure or if a court orders disclosure. To obtain access, the personal representative must provide the documentation specified by Section 7. First, the personal representative must give the custodian a written request for disclosure, a copy of the death certificate, a document establishing the authority of the personal representative, and, in the absence of an online tool, a record evidencing the user’s consent to disclosure. When requesting disclosure, the fiduciary must write or email the custodian. The form of the request is limited, and does not, for example, include video, Tweet, instant message or other forms of communication.

Second, if the custodian requests, then the personal representative can be required to establish that the requested information is necessary for estate administration and the account is attributable to the decedent. Different custodians may have different procedures. Thus a custodian may request that the personal representative obtain a court order, and such an order must include findings that: 1) the user had a specific account with the custodian, 2) that disclosure of the content of electronic communications of the user would not violate the SCA or other law, 3) unless the user provided direction using an online tool, that the user consented to disclosure of the content of electronic communications, or 4) that disclosure of the content of electronic communications of a user is reasonably necessary for administration of the estate.

North Carolina Comment

In subdivision (3), the Uniform Act’s bracketed phrase providing a generic description of documents appointing a personal representative was deleted and a more detailed list substituted, and in sub-sub-subdivision (5)c.2., the bracketed phrase “as amended” was not included as being unnecessary.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-8. Disclosure of other digital assets of deceased user.

Unless the user prohibited disclosure of digital assets or the court directs otherwise, a custodian shall disclose to the personal representative of the estate of a deceased user a catalogue of electronic communications sent or received by the user and digital assets, other than the content of electronic communications, of the user, if the personal representative gives the custodian all of the following:

  1. A written request for disclosure in physical or electronic form.
  2. A certified copy of the death certificate of the user.
  3. A certified copy of letters of administration or letters testamentary of the personal representative, a certified copy of a small estate affidavit filed in accordance with G.S. 28A-25-1(b), a certified copy of a summary administration order described in G.S. 28A-28-3, or a court order.
  4. If requested by the custodian, any of the following:
    1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the user’s account.
    2. Evidence linking the account to the user.
    3. An affidavit stating that disclosure of the user’s digital assets is reasonably necessary for administration of the estate.
    4. A finding by the court of any of the following:
      1. That the user had a specific account with the custodian, identifiable by the information specified in sub-subdivision a. of this subdivision.
      2. That disclosure of the user’s digital assets is reasonably necessary for administration of the estate.

History. 2016-53, s. 1.

OFFICIAL COMMENT

As in Section 7, when requesting disclosure of non-content, the fiduciary must write or email the custodian.

Section 8 requires disclosure of all other digital assets, unless prohibited by the decedent or directed by the court, once the personal representative provides a written request, a death certificate and a certified copy of the letter of appointment. In addition, the custodian may request a court order, and such an order must include findings that the decedent had a specific account with the custodian and that disclosure of the decedent’s digital assets is reasonably necessary for administration of the estate. Thus, Section 8 was intended to give personal representatives default access to the “catalogue” of electronic communications and other digital assets not protected by federal privacy law.

North Carolina Comment

In subdivision (3), the Uniform Act’s bracketed phrase providing a generic description of documents appointing a personal representative was deleted and a more detailed list substituted.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-9. Disclosure of content of electronic communications of principal.

To the extent a power of attorney expressly grants an agent authority over the content of electronic communications sent or received by the principal and unless directed otherwise by the principal or the court, a custodian shall disclose to the agent the content of an electronic communication if the agent gives the custodian all of the following:

  1. A written request for disclosure in physical or electronic form.
  2. An original or copy of the power of attorney expressly granting the agent authority over the content of electronic communications of the principal.
  3. A certification by the agent, under penalty of perjury, that the power of attorney is in effect.
  4. If requested by the custodian, any of the following:
    1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the principal’s account.
    2. Evidence linking the account to the principal.

History. 2016-53, s. 1.

OFFICIAL COMMENT

An agent has access to the content of electronic communications only when the power of attorney explicitly grants access. Section 10 concerns disclosure of other digital assets of the principal.

When a power of attorney contains the consent of the principal, ECPA does not prevent the agent from exercising authority over the content of an electronic communication. See the Comments to Section 7. There should be no question that an explicit delegation of authority in a power of attorney constitutes authorization from the user to access digital assets and provides “lawful consent” to allow disclosure of the content of an electronic communication from an electronic-communication service or a remote-computing service pursuant to applicable law. Both authorization and lawful consent are important because 18 U.S.C. Section 2701 deals with intentional access without authorization and 18 U.S.C. Section 2702 allows a service provider to disclose with lawful consent. Federal courts have not yet interpreted how ECPA affects a fiduciary’s efforts to access the content of an electronic communication. E.g., In re Facebook, Inc., 923 F. Supp. 2d 1204 (N.D. Cal. 2012).

When requesting access, the agent must write or email the custodian (see the comments in Section 7). The agent must also give the custodian an original or copy of the power of attorney expressly granting the agent authority over the contents of electronic communications of the principal to the agent and a certification by the agent, under penalty of perjury, that the power of attorney is in effect. In addition, if requested by the custodian, the agent must provide a unique subscriber or account identifier assigned by the custodian to identify the principal’s account or other evidence linking the account to the principal.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-10. Disclosure of other digital assets of principal.

Unless otherwise ordered by the court, directed by the principal, or provided by a power of attorney, a custodian shall disclose to an agent with specific authority over digital assets or general authority to act on behalf of a principal a catalogue of electronic communications sent or received by the principal, and digital assets, other than the content of communications, of the principal if the agent gives the custodian all of the following:

  1. A written request for disclosure in physical or electronic form.
  2. An original or a copy of the power of attorney that gives the agent specific authority over digital assets or general authority to act on behalf of the principal.
  3. A certification by the agent, under penalty of perjury, that the power of attorney is in effect.
  4. If requested by the custodian, any of the following:
    1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the principal’s account.
    2. Evidence linking the account to the principal.

History. 2016-53, s. 1.

OFFICIAL COMMENT

This section establishes that the agent has default authority over all of the principal’s digital assets, other than the content of the principal’s electronic communications. When requesting access, the agent must write or email the custodian (see the comments in Section 7).

The agent must also give the custodian an original or copy of the power of attorney and a certification by the agent, under penalty of perjury, that the power of attorney is in effect. Also, if requested by the custodian, the agent must provide a unique subscriber or account identifier assigned by the custodian to identify the principal’s account, or some evidence linking the account to the principal.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-11. Disclosure of digital assets held in trust when trustee is original user.

Unless otherwise ordered by the court or provided in a trust, a custodian shall disclose to a trustee that is an original user of an account any digital asset of the account held in trust, including a catalogue of electronic communications of the trustee and the content of electronic communications.

History. 2016-53, s. 1.

OFFICIAL COMMENT

Section 11 provides that trustees who are original users can access all digital assets held in the trust. There should be no question that a trustee who is the original user will have full access to all digital assets. This includes the content of electronic communications, as access to content is presumed with respect to assets for which the trustee is the initial user. A trustee may have title to digital assets when the trustee opens an account as trustee; under those circumstances, the trustee can access the content of each digital asset that is in an account for which the trustee is the original user, not necessarily each digital asset held in the trust.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-12. Disclosure of contents of electronic communications held in trust when trustee not original user.

Unless otherwise ordered by the court, directed by the user, or provided in a trust, a custodian shall disclose to a trustee that is not an original user of an account the content of an electronic communication sent or received by an original or successor user and carried, maintained, processed, received, or stored by the custodian in the account of the trust if the trustee gives the custodian all of the following:

  1. A written request for disclosure in physical or electronic form.
  2. A verified copy of the trust instrument, or a certification of the trust under G.S. 36C-10-1013, that includes consent to disclosure of the content of electronic communications to the trustee.
  3. A certification by the trustee, under penalty of perjury, that the trust exists and the trustee is a currently acting trustee of the trust.
  4. If requested by the custodian, any of the following:
    1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the trust’s account.
    2. Evidence linking the account to the trust.

History. 2016-53, s. 1.

OFFICIAL COMMENT

For accounts that are transferred into a trust by the settlor or in another manner, a trustee is not the original user of the account, and the trustee’s authority is qualified. Thus, Section 12, governing disclosure of content of electronic communications from those accounts, requires consent.

Section 12 addresses situations involving an inter vivos transfer of a digital asset into a trust, a transfer into a testamentary trust, or a transfer via a pourover will or other governing instrument of a digital asset into a trust. In those situations, a trustee becomes a successor user when the settlor transfers a digital asset into the trust. There should be no question that the trustee with legal title to the digital asset was authorized by the settlor to access the digital assets so transferred, including both the catalogue and content of an electronic communication, and this provides “lawful consent” to allow disclosure of the content of an electronic communication from an electronic-communication service or a remote-computing service pursuant to applicable law. See the Comments concerning the definitions of the “content of an electronic communication” after Section 2. Nonetheless, Sections 12 and 13 distinguish between the catalogue and content of an electronic communication in case there are any questions about whether the form in which property transferred into a trust is held constitutes lawful consent. Both authorization and lawful consent are important because 18 U.S.C. Section 2701 deals with intentional access without authorization and because 18 U.S.C. Section 2702 allows a service provider to disclose with lawful consent.

The underlying trust documents and default trust law will supply the allocation of responsibilities between and among trustees. When requesting access, the trustee must write or email the custodian (see comments to Section 7). The trustee must also give the custodian an original or copy of the trust that includes consent to disclosure of the content of electronic communications to the trustee and a certification by the trustee, under penalty of perjury, that the trust exists and that the trustee is a currently acting trustee of the trust. Also, if requested by the custodian, the trustee must provide a unique subscriber or account identifier assigned by the custodian to identify the trust’s account, or some evidence linking the account to the trust.

North Carolina Comment

In subdivision (2), “certified” was changed to “verified” to conform to this State’s practice.

Editor’s Note.

This section is set out as it appears in Session Laws 2016-53, s. 1, however, due to a formatting issue some of the text was not underlined in the printed copy of the bill that was actually signed by the Governor. The section has been set out as directed by the Revisor of Statutes, pursuant to G.S. 120-20.1(b2).

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-13. Disclosure of other digital assets held in trust when trustee not original user.

Unless otherwise ordered by the court, directed by the user, or provided in a trust, a custodian shall disclose, to a trustee that is not an original user of an account, a catalogue of electronic communications sent or received by an original or successor user and stored, carried, or maintained by the custodian in an account of the trust and any digital assets, other than the content of electronic communications, in which the trust has a right or interest if the trustee gives the custodian all of the following:

  1. A written request for disclosure in physical or electronic form.
  2. A verified copy of the trust instrument or a certification of the trust under G.S. 36C-10-1013.
  3. A certification by the trustee, under penalty of perjury, that the trust exists and the trustee is a currently acting trustee of the trust.
  4. If requested by the custodian, any of the following:
    1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the trust’s account.
    2. Evidence linking the account to the trust.

History. 2016-53, s. 1; 2017-102, s. 12.1(b).

OFFICIAL COMMENT

Section 13 governs digital assets other than the contents of electronic communications, so it does not require the settlor’s consent.

When requesting access, the trustee must write or email the custodian (see Comments to Section 7).

The trustee must also give the custodian an original or copy of the trust, and a certification by the trustee, under penalty of perjury, that the trust exists and that the trustee is a currently acting trustee of the trust. Also, if requested by the custodian, the trustee must provide a unique subscriber or account identifier assigned by the custodian to identify the trust’s account, or some evidence linking the account to the trust.

Editor’s Note.

This section is set out as it appears in Session Laws 2016-53, s. 1, however, due to a formatting issue some of the text was not underlined in the printed copy of the bill that was actually signed by the Governor. The section has been set out as directed by the Revisor of Statutes, pursuant to G.S. 120-20.1(b2).

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

Effect of Amendments.

Session Laws 2017-102, s. 12.1(b), effective July 12, 2017, substituted “verified copy” for “certified copy” in subdivision (2).

§ 36F-14. Disclosure of digital assets to guardian of ward.

  1. After a hearing on a motion in the cause pursuant to G.S. 35A-1207, the court may grant a guardian access to the digital assets of a ward.
  2. Unless otherwise ordered by the court or directed by the user, a custodian shall disclose to a guardian the catalogue of electronic communications sent or received by a ward and any digital assets, other than the contents of electronic communications, in which the ward has a right or interest if the guardian gives the custodian all of the following:
    1. A written request for disclosure in physical or electronic form.
    2. A certified copy of the court order that gives the guardian authority over the digital assets of the ward.
    3. If requested by the custodian, any of the following:
      1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the account of the ward.
      2. Evidence linking the account to the ward.
  3. A guardian with general authority to manage the assets of a ward may request a custodian of the digital assets of the ward to suspend or terminate an account of the ward for good cause. A request made under this section must be accompanied by a certified copy of the court order giving the guardian authority over the ward’s property.

History. 2016-53, s. 1.

OFFICIAL COMMENT

When a conservator is appointed to represent a protected person’s interests, the protected person may still retain some right to privacy in their personal communications. Therefore, Section 14 does not permit conservators to request disclosure of a protected person’s electronic communications on the basis of the conservatorship order alone. To access a protected person’s digital assets and a catalogue of electronic communications, a conservator must be specifically authorized by the court to do so. This requirement for express judicial authority over digital assets does not limit the fiduciary’s authority over the underlying assets, such as funds held in a bank account. The meaning of the term “hearing” will vary from state to state according to state law and procedures.

State law will establish the criteria for when a court will grant power to the conservator. For example, UPC Section 5-411(c) requires the court to consider the decision the protected person would have made as well as a list of other factors. Existing state law may also set out the requisite standards for a conservator’s actions. The conservator must exercise authority in the interests of the protected person. When requesting access to digital assets in which the protected person has a right or interest, the conservator must write or email the custodian (see comments to Section 7).

The conservator must also give the custodian a certified copy of the court order that gives the conservator authority over the protected person’s digital assets. Also, if requested by the custodian, the conservator must provide a unique subscriber or account identifier assigned by the custodian to identify the protected person’s account, or some evidence linking the account to the protected person. The custodian is required to disclose the digital assets so requested.

Under subsection (c), a conservator with general authority to manage the assets of the protected person may request suspension or termination of the protected person’s account, for good cause.

North Carolina Comment

The beginning of subsection (a) was changed from “After an opportunity for a hearing under [state conservatorship law] …” to the more precise “After a hearing on a motion in the cause pursuant to G.S. 35A-1207 ….” The change is also designed to clarify that the granting of access to the ward’s digital assets may not be by ex parte motion.

Editor’s Note.

This section is set out as it appears in Session Laws 2016-53, s. 1, however, due to a formatting issue some of the text was not underlined in the printed copy of the bill that was actually signed by the Governor. The section has been set out as directed by the Revisor of Statutes, pursuant to G.S. 120-20.1(b2).

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-15. Fiduciary duty and authority.

  1. The legal duties imposed on a fiduciary charged with managing tangible property apply to the management of digital assets, including all of the following:
    1. The duty of care.
    2. The duty of loyalty.
    3. The duty of confidentiality.
  2. All of the following apply to a fiduciary’s or designated recipient’s authority with respect to a digital asset of a user:
    1. Except as otherwise provided in G.S. 36F-4, it is subject to the applicable terms of service.
    2. It is subject to other applicable law, including copyright law.
    3. In the case of a fiduciary, it is limited by the scope of the fiduciary’s duties.
    4. It shall not be used to impersonate the user.
  3. A fiduciary with authority over the property of a decedent, ward, principal, or settlor has the right to access any digital asset in which the decedent, ward, principal, or settlor had a right or interest and that is not held by a custodian or subject to a terms-of-service agreement.
  4. A fiduciary acting within the scope of the fiduciary’s duties is an authorized user of the property of the decedent, ward, principal, or settlor for the purpose of applicable computer fraud and unauthorized computer access laws, including G.S. 14-458.
  5. A fiduciary with authority over the tangible, personal property of a decedent, ward, principal, or settlor:
    1. Has the right to access the property and any digital asset stored in it; and
    2. Is an authorized user for the purpose of computer fraud and unauthorized-computer-access laws, including G.S. 14-458.
  6. A custodian may disclose information in an account to a fiduciary of the user when the information is required to terminate an account used to access digital assets licensed to the user.
  7. A fiduciary of a user may request a custodian to terminate the user’s account. A request for termination must be in writing, in either physical or electronic form, and accompanied by all of the following:
    1. If the user is deceased, a certified copy of the death certificate of the user.
    2. A certified copy of letters of administration or letters testamentary of the personal representative, a certified copy of a small estate affidavit filed in accordance with G.S. 28A-25.1(b), a certified copy of a summary administration order described in G.S. 28A-28-3, or a court order, power of attorney, or trust giving the fiduciary authority over the account.
    3. If requested by the custodian, any of the following:
      1. A number, username, address, or other unique subscriber or account identifier assigned by the custodian to identify the user’s account.
      2. Evidence linking the account to the user.
      3. A finding by the court that the user had a specific account with the custodian, identifiable by the information specified in sub-subdivision a. of this subdivision.

History. 2016-53, s. 1.

OFFICIAL COMMENT

The original version of UFADAA incorporated fiduciary duties by reference to “other law.” This proved to be confusing and led to enactment difficulty. Section 15 specifies the nature, extent and limitation of the fiduciary’s authority over digital assets. Subsection (a) expressly imposes all fiduciary duties to the management of digital assets, including the duties of care, loyalty and confidentiality. Subsection (b) specifies that a fiduciary’s authority over digital assets is subject to the terms-of-service agreement, except to the extent the terms-of-service agreement provision is overridden by an action taken pursuant to Section 4, and it reinforces the applicability of copyright and fiduciary duties. Finally, subsection 15(b) prohibits a fiduciary’s authority being used to impersonate a user. Subsection 15(c) permits the fiduciary to access all digital assets not in an account or subject to a terms-of-service agreement. Subsection 15(d) further specifies that the fiduciary is an authorized user under any applicable law on unauthorized computer access.

Subsection 15(g) gives the fiduciary the option of requesting that an account be terminated, if termination would not violate a fiduciary duty.

This issue concerning the parameters of the fiduciary’s authority potentially arises in two situations: 1) the fiduciary obtains access to a password or the like directly from the user, as would be true in various circumstances such as for the trustee of an inter vivos trust or someone who has stored passwords in a written or electronic list and those passwords are then transmitted to the fiduciary; and 2) the fiduciary obtains access pursuant to this act.

This section clarifies that the fiduciary has the same authority as the user if the user were the one exercising the authority (note that, where the user has died, this means that the fiduciary has the same access as the user had immediately before death). This means that the fiduciary’s authority to access the digital asset is the same as the user except where, pursuant to Section 4, the user has explicitly opted out of fiduciary access. In exercising its responsibilities, the fiduciary is subject to the duties and obligations established pursuant to state fiduciary law, and is liable for breach of those duties. Note that even if the digital asset were illegally obtained by the user, the fiduciary would still need access in order to handle that asset appropriately. There may, for example, be tax consequences that the fiduciary would be obligated to report.

However, this section does not require a custodian to permit a fiduciary to assume a user’s terms-of-service agreement if the custodian can otherwise comply with Section 6.

In exercising its responsibilities, the fiduciary is subject to the same limitations as the user more generally. For example, a fiduciary cannot delete an account if this would be fraudulent. Similarly, if the user could challenge provisions in a terms-of-service agreement, then the fiduciary is also able to do so. See Ajemian v. Yahoo!, Inc., 987 N.E.2d 604 (Mass. 2013).

Subsection (b) is designed to establish that the fiduciary is authorized to obtain or access digital assets in accordance with other applicable laws. The language mirrors that used in Title II of the Electronic Communications Privacy Act of 1986 (ECPA), also known as the Stored Communications Act, 18 U.S.C. Section 2701 et seq. (2006); see, e.g., Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending It, 72 Geo. Wash. L. Rev. 1208 (2004). The subsection clarifies that state law treats the fiduciary as “authorized” under state laws criminalizing unauthorized access.

State laws vary in their coverage but typically prohibit unauthorized computer access. By defining the fiduciary as an authorized user in subsection (d), the fiduciary has authorization under applicable law to access the digital assets under state computer trespass laws.

Federal courts may look to these provisions to guide their interpretations of ECPA and the federal Computer Fraud and Abuse Act, but fiduciaries should understand that federal courts may not view such provisions as dispositive in determining whether access to a user’s account violated federal criminal law.

Subsection (e) clarifies that the fiduciary is authorized to access digital assets stored on tangible personal property of the decedent, protected person, principal, or settlor, such as laptops, computers, smartphones or storage media, exempting fiduciaries from application for purposes of state or federal laws on unauthorized computer access. For criminal law purposes, this clarifies that the fiduciary is authorized to access all of the user’s digital assets, whether held locally or remotely.

Example 1—Access to digital assets by personal representative. D dies with a will that is silent with respect to digital assets. D has a bank account for which D received only electronic statements, D has stored photos in a cloud-based Internet account, and D has an e-mail account with a company that provides electronic-communication services to the public. The personal representative of D’s estate needs access to the electronic bank account statements, the photo account, and e-mails.

The personal representative of D’s estate has the authority to access D’s electronic banking statements and D’s photo account, which both fall under the act’s definition of a “digital asset.” This means that, if these accounts are password-protected or otherwise unavailable to the personal representative, then the bank and the photo account service must give access to the personal representative when the request is made in accordance with Section 8. If the terms-of-service agreement permits D to transfer the accounts electronically, then the personal representative of D’s estate can use that procedure for transfer as well.

The personal representative of D’s estate is also able to request that the e-mail account service provider grant access to e-mails sent or received by D; ECPA permits the service provider to release the catalogue to the personal representative. The service provider also must provide the personal representative access to the content of an electronic communication sent or received by D if the user has consented and the fiduciary submitted the information required under Section 7. The bank may release the catalogue of electronic communications or content of an electronic communication for which it is the originator or the addressee because the bank is not subject to the ECPA.

Example 2—Access to digital assets by agent. X creates a power of attorney designating A as X’s agent. The power of attorney expressly grants A authority over X’s digital assets, including the content of an electronic communication. X has a bank account for which X receives only electronic statements, X has stored photos in a cloud-based Internet account, and X has a game character and in-game property associated with an online game. X also has an e-mail account with a company that provides electronic-communication services to the public.

A has the authority to access X’s electronic bank statements, the photo account, the game character and in-game property associated with the online game, all of which fall under the act’s definition of a “digital asset.” This means that, if these accounts are password-protected or otherwise unavailable to A as X’s agent, then the bank, the photo account service provider, and the online game service provider must give access to A when the request is made in accordance with Section 10. If the terms-of-service agreement permits X to transfer the accounts electronically, then A as X’s agent can use that procedure for transfer as well.

As X’s agent, A is also able to request that the e-mail account service provider grant access to e-mails sent or received by X; ECPA permits the service provider to release the catalogue. The service provider also must provide A access to the content of an electronic communication sent or received by X if the fiduciary provides the information required under Section 9. The bank may release the catalogue of electronic communications or content of an electronic communication for which it is the originator or the addressee because the bank is not subject to the ECPA.

Example 3—Access to digital assets by trustee. T is the trustee of a trust established by S. As trustee of the trust, T opens a bank account for which T receives only electronic statements. S transfers into the trust to T as trustee (in compliance with a terms-of-service agreement) a game character and in-game property associated with an online game and a cloud-based Internet account in which S has stored photos. S also transfers to T as trustee (in compliance with the terms-of-service agreement) an e-mail account with a company that provides electronic-communication services to the public.

T is an original user with respect to the bank account that T opened, and T has the ability to access the electronic banking statements under Section 11. T, as successor user to S, may under Section 13 access the game character and in-game property associated with the online game and the photo account, which both fall under the act’s definition of a “digital asset.” This means that, if these accounts are password-protected or otherwise unavailable to T as trustee, then the bank, the photo account service provider, and the online game service provider must give access to T when the request is made in accordance with the act. If the terms-of-service agreement permits the user to transfer the accounts electronically, then T as trustee can use that procedure for transfer as well.

T as successor user of the e-mail account for which S was previously the user is also able to request that the e-mail account service provider grant access to e-mails sent or received by S; and ECPA permits the service provider to release the catalogue. The service provider also must provide T access to the content of an electronic communication sent or received by S if the fiduciary provides the information required under Section 12. The bank may release the catalogue of electronic communications or content of an electronic communication for which it is the originator or the addressee because the bank is not subject to the ECPA.

North Carolina Comment

In subdivision (b)(4), “may not” was changed to “shall not” to comply with this State’s drafting conventions. No substantive change was intended.

In subsection (g)(2), the Uniform Act’s bracketed phrase providing a generic description of documents appointing a personal representative was deleted and a more detailed list substituted.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-16. Custodian compliance and immunity.

  1. Not later than 60 days after receipt of the information required under G.S. 36F-7 through G.S. 36F-15, a custodian shall comply with a request under this Chapter from a fiduciary or designated recipient to disclose digital assets or terminate an account. If the custodian fails to comply, the fiduciary or designated recipient may apply to the court for an order directing compliance.
  2. An order under subsection (a) of this section directing compliance must contain a finding that compliance is not in violation of 18 U.S.C. § 2702.
  3. A custodian may notify the user that a request for disclosure or to terminate an account was made under this Chapter.
  4. A custodian may deny a request under this Chapter from a fiduciary or designated recipient for disclosure of digital assets or to terminate an account if the custodian is aware of any lawful access to the account following the receipt of the fiduciary’s or designated recipient’s request.
  5. This Chapter does not limit a custodian’s ability to obtain or require a fiduciary or designated recipient requesting disclosure or termination under this Chapter to obtain a court order which does all of the following:
    1. Specifies that an account belongs to the ward or principal.
    2. Specifies that there is sufficient consent from the ward or principal to support the requested disclosure.
    3. Contains a finding required by law other than this Chapter.
  6. A custodian and its officers, employees, and agents are immune from liability for an act or omission done in good faith in compliance with this Chapter.

History. 2016-53, s. 1.

OFFICIAL COMMENT

This section establishes that custodians are protected from liability when they act in accordance with the procedures of this act and in good faith. The types of actions covered include disclosure as well as transfer of copies. The critical issue in conferring immunity is the source of the liability. Direct liability is not subject to immunity; indirect liability is subject to immunity.

Direct liability could only arise from noncompliance with a judicial order issued under sections 7 to 15. Upon determination of a right of access under those sections, a court may issue an order to grant access under section 16. Section 16(b) requires that an order directing compliance contain a finding that compliance is not in violation of 18 U.S.C. Section 2702. Noncompliance with that order would give rise to liability for contempt. There is no immunity from this liability.

Indirect liability could arise from granting a right of access under this act. Access to a digital asset might invade the privacy or the harm the reputation of the decedent, protected person, principal, or settlor, it might harm the family or business of the decedent, protected person, principal, or settlor, and it might harm other persons. The grantor of access to the digital asset is immune from liability arising out of any of these circumstances if the grantor acted in good faith to comply with this act. If there is a judicial order under section 16, compliance with the order establishes good faith. Absent a judicial order under section 16, good faith must be established by the grantor’s assessment of the requirements of this act. Further, Section 16 (e) allows the custodian to verify that the account belongs to the person represented by the fiduciary.

NORTH CAROLINA COMMENT

The bracketed phrase “as amended” in subsection (b) of the Uniform Act’s text was not included as being unnecessary. In subsection (d), the phrase “or designated recipient” was inserted after the second reference to “fiduciary” to parallel the phrasing at the beginning of the sentence.

Editor’s Note.

Session Laws 2016-53, s. 10 provides: “The Revisor of Statutes shall cause to be printed, as annotations to the published General Statutes, all relevant portions of the Official Comments to the Revised Uniform Fiduciary Access to Digital Assets Act (2015) and all explanatory comments of the drafters of this act as the Revisor may deem appropriate.”

§ 36F-17. Uniformity of application and construction.

In applying and construing this uniform act, consideration must be given to the need to promote uniformity of the law with respect to its subject matter among states that enact it.

History. 2016-53, s. 1.

§ 36F-18. Relation to Electronic Signatures in Global and National Commerce Act.

This Chapter modifies, limits, or supersedes the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. § 7001, et seq., but does not modify, limit, or supersede Section 101(c) of that Act, 15 U.S.C. § 7001(c), or authorize electronic delivery of any of the notices described in Section 103(b) of that Act, 15 U.S.C. § 7003(b).

History. 2016-53, s. 1.