An Ultimate Guide to Understanding RUFADAA


The information age has radically altered many facets of our life during the last several decades. As a result of these developments, there have been heated discussions over individual privacy and how civil and criminal laws should be applied.

In a world where information critical to modern society is generated, distributed, and kept on the Internet, it is unavoidable that the traditional approach to estate planning must alter and adapt. This sociocultural progress is exemplified by RUFADAA.

What is RUFADAA?

RUFADAA is a statute granting access to an individual’s internet accounts to the Executor of an Estate or an attorney after death or incapacitation.

RUFADAA, which was created by the Uniform Law Commission (U.L.C.), expands the authority customarily granted to an Executor or trustee of an Estate when managing a person’s tangible assets to encompass their Digital Assets as well.

We have decoded RUFADAA and what it means for digital asset management at Clocr. We have also got you set to learn how to make your own digital Estate Plan.

RUFADAA is a redesigned version of UFADAA, which aimed to provide Estate Executors and Trustees with the same online account access as the owner in the case of their death or incapacitation.

Critics of the law argued that it went too far and that there were insufficient safeguards in place, and they were successful, resulting in the passage of RUFADAA. Only if the decedent explicitly agrees does the Revised Uniform Fiduciary Access to Digital Assets Act grant an Executor of Trustee access to the content of electronic communications, such as emails, chats, and D.M.s.

RUFADAA defines Custodians as companies that create, store, or provide Digital Assets, such as Google and Facebook.

Custodians may seek court orders before passing over access to an account to limit their role in the estate’s settlement. They may also only provide you access to “reasonably essential” information for settling an estate. Custodians cannot access deleted assets and joint accounts.

RUFADAA establishes a foundation for how the State and an Executor, Fiduciary, or Attorney should handle a person’s Digital Assets after incapacitation or death. A hierarchy of procedures gives clear guidance on how to manage or close someone’s online account.

The Importance of RUFADAA

Users can choose what should happen to their accounts after death or long periods of inactivity using online tools like Google’s Inactive Account Manager and Facebook’s Legacy Contact. RUFADAA states that when such tools are provided, they take precedence over all other instructions, including a website’s Terms of Service. 

Google’s Inactive Account Manager allows users to nominate a Trusted Contact who will obtain access to their account when a set amount of time has passed. A user might also opt to have their data permanently removed. Last sign-ins, recent activity, Gmail usage on the web or in the app, and Android check-ins are all used by Google to detect inactivity.

The Legacy Contact feature on Facebook allows users to appoint someone they trust to handle their account after they pass away. A Legacy Contact can publish a pinned post for someone’s profile and edit their profile and cover photographs despite not having full access to the account. They can also ask for a user’s account to be deleted. A Legacy Contact has no access to a user’s private communications or the ability to delete old posts or friends. 

If a Custodian does not provide an online tool, the next step, according to RUFADAA, is to consult the legal documents. A Will, a Trust, or a Power of Attorney are all examples of this. An Executor or Fiduciary can be granted access to one or more specified accounts through a person’s Digital Estate Plan.

The Terms of Service of a Custodian will define a Fiduciary’s access to a user’s digital asset if no information about accessing their Online Accounts has been left, whether through an online tool or a Digital Estate Plan. 

If you can recall the last time you read a website’s Terms of Service, you can see how this could cause problems. Exactly. For example, Verizon and all of its subsidiaries, including Yahoo!, require that all accounts be non-transferable and expire upon the user’s death. If the Terms of the Service agreement is ignored, your family and loved ones may lose access to critical information needed to settle your estate.

RUFADAA was enacted in most jurisdictions to dictate how to manage someone’s Digital Assets after they died. The Executor or Trustee of a Decedent’s Estate can access and manage the estate’s Digital Assets and electronic communications under RUFADAA. Your State’s definition of what counts as a digital asset or electronic communication is different.

The Purpose Behind RUFADAA

The Purpose Behind RUFADAA

Most people nowadays utilize Digital Assets without even realizing it — to communicate, pay payments, manage subscriptions, save images, and so on. 

There were few laws in place before recently that helped decide who may access these data and accounts if the person became incompetent or died. It was difficult to determine who would have legal access to a deceased or incompetent person’s Digital Assets if they wanted them destroyed, amended, or distributed to loved ones. 

The fiduciary would be unable to access the accounts unless the person provided usernames and passwords. As a result, Digital Assets are frequently erased by the firm that owns them, or they remain unreachable by family and friends on the Internet or on devices long after the person’s death. 

This loophole in the law created anguish for families trying to recover precious artifacts from their loved one’s online legacy, as well as issues for the Executor of the estate. Delays, frustrations, and the loss of important things or information were all too common. The Uniform Law Commission began looking for a solution to this challenge in 2012.

The Legislative History of RUFADAA

UFADAA – The First Attempt

In 2014, the first Uniform Fiduciary Access to Digital Access Act (UFADAA) was passed. The authors of the UFADAA believed that the best method to give executors and agents access to a principal’s or decedent’s Digital Assets was to provide them with access to the traditional property.

In other words, they intended to treat Digital Assets the same way they treated traditional assets: the owners should be able to decide what should happen to them, and fiduciaries should be able to control them if the owner died or became incapable.

After being appointed Executor (called a personal representative in several jurisdictions), a person has the same right to access the deceased person’s accounts that the deceased person had during his or her lifetime under the UFADAA. If the Executor lacks the necessary login or password information, he or she may request access from the corporation, which would be obliged to comply.

Ideally, this technique would have provided executors with the necessary access to close the estate, including the ability to pass on images, archive communications, delete or edit social media accounts, pay last debts via bill pay, and cancel subscriptions.

Technology corporations, as well as privacy advocacy groups like the ACLU, were vocal in their opposition to this version of the law. They suggested that giving executors access to all of a deceased person’s digital possessions would do the following:

  1. intrude on the deceased’s privacy in ways they could not have envisioned or desired
  2. increase the risk of accountability for the companies that committed to keeping the accounts safe
  3. trespass on the privacy of third parties whose messages or information may come into contact with the Executor
  4. misclassify digital property, which differs significantly from traditional assets held by an executor, and
  5. cause inconsistencies with privacy protections.

The technology businesses claimed that parts of the UFADAA violated federal privacy laws as well as state and federal computer fraud statutes, compelling them to break one law while following another.

They also contended that UFADAA should not be allowed to override the terms of service agreements (TOSAs) that their clients sign when they register new digital asset accounts. The majority of TOSAs make Digital Assets non-transferable and place severe limits on who can access accounts. The UFADAA would have granted fiduciaries broad access to the records of the decedent or principal, even if they contradicted the TOSA.

Furthermore, the UFADAA’s treatment of Digital Assets as traditional assets prompted privacy concerns. People’s privacy expectations for Digital Assets aren’t the same as they are for traditional assets, according to privacy advocacy groups.

For example, you may be aware that your Executor will have access to all of your desk drawers’ photos and letters. Do you anticipate (or want) your Executor to have access to every email you’ve ever sent or every photo you’ve ever stored online?

In 2015, state legislators introduced UFADAA in more than half of the United States, but only one State approved a version of the law due to opposing pressure and concerns (Delaware). The U.L.C. went back to the planning board to come up with a new plan.

The Scope and Extent of RUFADAA as a Law


The updated regulation significantly limits an executor’s ability to access Digital Assets. Here are a few of the key highlighted changes:

  • Unless the deceased individual is explicitly authorized to disclosure, an executor no longer has jurisdiction over the content of electronic communications (tweets, private emails, and chats).
  • An executor can access other sorts of Digital Assets, but they must now petition the court and explain why the asset is required to close the estate.
  • If a fiduciary does not have explicit authorization to access a deceased person’s account through a Will, Trust, or Power of Attorney, custodians might look to the terms of service agreements to see if they should cooperate with requests for access.
  • Custodians can: seek court orders; limit their compliance by only granting access to assets that are “reasonably necessary” for the estate’s completion; charge costs to comply with access requests, and refuse requests that are unreasonably demanding.
  • Deleted assets and joint accounts may not be accessible by custodians.

RUFADAA appears to be on the verge of becoming law in the majority of states. On the National Conference of State Legislatures’ website, you can follow RUFADAA’s progress.

Although most lawyers, tech businesses, and average individuals with Digital Assets will welcome some clarity on a fiduciary’s access to Digital Assets upon death or incapacity, the legislation is still young, and issues appear likely in reality.

Don't Put Your Trust Solely in the Law

Even if your State has enacted RUFADAA, you need to establish a plan for your Digital Assets. If you wish your Executor or agent to have access to your estate, follow these steps:

You should include in your Will or Power of Attorney whether you want your Executor or attorney-in-fact to have legitimate access to your Digital Assets.

Even if you provide this authorization, going through the legal process of invoking RUFADAA to gain access to your Digital Assets would be a task and a problem for your fiduciary. Your fiduciary will have to send a deluge of documentation to each company (perhaps even court orders), and the fiduciary will likely only have the most limited access—it may be just enough to close the estate.

Go beyond giving authorization in your Will or Power of Attorney if you want your Executor to have ultimate access to your Digital Assets (which not everyone does).

Also, provide information and instructions on how to access your accounts and files to your Executor or agent. Your Executor will be able to quickly access your accounts in the same way that you do.

This is by all measures the simplest and most reliable approach to ensure that your Executor is able to close down your Digital Estate. Here’s how to do it:

  • Make a letter or a note to the person you’re writing to. There’s no need for anything spectacular. Simply write a letter, either by hand or on a computer. This information should not be included in your Will, which will be made public.
  • Include instructions and information about how to get there. Leave detailed information on how to gain access to your accounts. Include any required websites or devices, along with usernames and passwords.
  • Also, instruct your Executor on how to handle each account. Do you want your images to be shared with relatives, your Twitter account to be erased, and your blog archived and saved? Make sure you’re being as clear and thorough as possible.
  • Place your mail in a secure location. Keep your letter safe with other critical documents such as your Will, health care directive, and insurance information. Because your Executor may require this information immediately after your death, make sure it’s easily available and that you tell them where to find it.
  • Keep your letter current. Update your letter as account information changes so that your Executor gets the most up-to-date information when the time comes.

If you don’t want anyone to have complete access to your Digital Assets if you die or become incapacitated, talk to a lawyer about privacy options.

An attorney may be able to include a clause in your Will that expressly forbids your personal representative from accessing specific assets. Alternatively, the attorney could assist you in establishing a Trust that selects a trusted individual to protect your assets on your behalf.

Brief Overview of the Operative RUFADAA Sections

Overview of the Operative RUFADAA Sections

The following is a section-by-section description of RUFADAA’s provisions, based on the uniform act’s section numbers. 

RUFADAA’s Section 2 has a list of definitions that are utilized throughout the legislation. While it is beyond the scope of this article to go over each definition in detail, we will go over a few of the more important ones below. 

The Uniform Probate Code is the source of several of RUFADAA’s definitions. “A person who carries, maintains, processes, receives, or stores a user’s digital asset” is characterized as a “custodian.”  As a result, most online email and social media service providers will be considered custodians. 

The phrase “content of an electronic communication” is borrowed from the S.C.A., which states that content “includes any information concerning the substance, purport, or meaning of any wire, oral, or electronic communication when used with respect to any wire, oral, or electronic communication.”  

The term is intended to apply exclusively to content that is covered by the ECPA (including the S.C.A.).  As a result, throughout the Revised UFADAA, the term “content of an electronic communication” applies solely to material in the body of an electronic message that is not easily available to the public. 

The information would not be subject to the federal law’s privacy safeguards under ECPA if it was easily available to the public. A “tweet” by a Twitter user that is visible to the general public, for example, would not be included in this definition.

A “catalog of electronic communications,” on the other hand, is defined as information that identifies each individual with whom a user has had electronic communications, as well as the time and date of that communication and the person’s electronic address. 

A catalog linked to an email, for example, might include the sender and recipient’s email addresses, as well as the time and date the communication was sent. In most cases, a fiduciary will have access to a catalog of the user’s communications but not to the content unless the user has authorized the publication of the material (as explained below). 

RUFADAA defines an “online tool” as “an electronic service provided by a custodian that allows the user to provide directions for or nondisclosure of Digital Assets to a third person in an agreement separate from the custodian’s terms of service agreement.” 

An online tool can assign a “designated recipient” to manage the user’s Digital Assets. An online tool replaces directions in the user’s estate planning paperwork, as detailed below, even if such directions are in conflict with the user’s preferences as indicated in an online tool. 

The act applies to:

(1) fiduciary acting under a Will or power of attorney signed before or after the act’s effective date;

(2) a personal representative of a decedent who died before or after the act’s effective date (including a decedent who died intestate);

(3) a conservatorship commenced before or after the act’s effective date; and

(4) a trustee of a Trust created before or after the act’s effective date. 

RUFADAA creates a “three-tier priority system” for establishing a user’s purpose in relation to any digital asset in Section 4. 

First, the user can instruct the custodian whether or not to divulge the content of the digital asset using an online tool. Any such directive “overrides a contrary direction by the user in a Will, Trust, power of attorney, or other records” provided the online tool permits the user to change or delete the direction at any time. 

Second, if an online tool is not used, the user’s instructions in a Will, Trust, Power of Attorney, or “other record” will determine whether a digital asset’s content can be given to a fiduciary.

 Finally, if the user does not offer instruction through an online tool or related documentation, the fiduciary’s rights will be governed by the TOSA regulating the digital asset. If the TOSA is silent on a user’s fiduciary’s rights, as it usually is, RUFADAA’s default regulations (described below) will be the fiduciary’s only remaining choice. 

According to Section 5 of RUFADAA, if a fiduciary gains access to a digital asset, the TOSA continues to apply to the fiduciary in the same way as it did to the original user. If the custodian can comply with section 6.69, the custodian is not obligated to allow a fiduciary to assume the rights under the TOSA.

Section 6 lays forth the steps a custodian must take to comply with RUFADAA’s disclosure requirements. When disclosing a digital asset, the custodian may grant the fiduciary or designated recipient

(1) “full access to the user’s account,”

(2) “partial access to the user’s account sufficient to perform the tasks with which the fiduciary or designated recipient is charged,” or

(3) an electronic or paper copy of the digital asset, at its “sole discretion.” 

If the custodian believes a request from a fiduciary will place an “undue burden” on the custodian, this clause authorizes the custodian to seek direction from the court. 

The first of RUFADAA’s provisions, Section 7, lays out the methods by which fiduciaries can get information about a deceased or incapacitated user’s Digital Assets from internet providers. 

This section allows a personal representative of a decedent’s estate to obtain such access if the personal representative submits to the custodian

(1) a written request for disclosure in written or electronic form;

(2) a certified copy of the user’s death certificate;

(3) a certified document evidencing the personal representative’s authority (such as a court-issued letter of appointment or letters testamentary); and

(4) unless the user used an online service. 

Section 7 also states that the personal representative may be required to provide additional information to the custodian if the custodian requests it, such as evidence that the user had an account with the custodian, such as the account number, username, address, or other uniquely identifying information.

Furthermore, the custodian can request that the fiduciary obtain a court order finding that

(1) the user had an account with the custodian;

(2) disclosure of the content of the electronic communications does not violate the S.C.A.;

(3) the user consented to the disclosure unless the user used an online tool; or

(4) disclosure of the information is “reasonably necessary for estate administration.” 

The personal representative faces substantial obstacles as a result of the judicial proceedings anticipated under section 7. The first sentence of section 7 permits the content of a digital asset to be disclosed if a “court directs.” 

Prior to making such a disclosure, the custodian may ask the court to rule that the revelation would not violate the S.C.A. or federal privacy laws (47 U.S.C. section 222); or that the “user consented to the disclosure.” This clause explicitly addresses the question of whether a fiduciary designated under state law has the user’s “lawful consent” to receive the content of electronic communication under federal law. 

Courts appear hesitant to assume permission only by the fact that the personal representative is acting in a fiduciary position, as evidenced in the In re Facebook, Inc. case noted above. A user’s unequivocal consent for disclosure of Digital Assets under the user’s Will, Trust, or Power of Attorney is critical in this case. 

Section 8 of RUFADAA allows the personal representative to request that the custodian disclose a “catalog of electronic communications sent or received by the user, other than the content of electronic communications sent or received by the user,” unless the decedent’s Will expressly states otherwise. 

The method described in section 8 is similar to that stated in section 7, except that no copy of the decedent’s Will is necessary, and a court finding need not mention conformity with the S.C.A. because such non-content disclosures are not forbidden by the S.C.A. 

As a result, even if there is no basis for “lawful consent” under the S.C.A., the fiduciary may still be entitled to acquire non-content information from the custodian. A power of attorney agent may seek disclosure of the content of a digital asset if a power of attorney “expressly grants” permission to the agent of such Digital Assets, according to section 9 of RUFADAA.

The agent’s request to the custodian must include the following:

(1) a written request for disclosure in paper or electronic form;

(2) an “original or copy of a power of attorney expressly granting the agent authority over the content of the principal’s electronic communications”; and

(3) a certification by the agent that a power of attorney is in effect, signed under penalty of perjury. 

The custodian may, as in section 7, ask the agent to produce identifying information or other proof that the user has an account with the custodian. 

Section 10 permits a power of attorney agent to request a list of electronic communications. The agent must submit the request to the custodian along with a copy of the power of attorney and a sworn statement that a power of attorney is still valid. 

As with section 9, the custodian may ask for identification information or other proof to validate the existence of an account. 

According to Section 11 of RUFADAA, if a Trustee is the “original user” of an account, the trustee has access to all Digital Assets held in Trust as well as a catalog of all electronic interactions. 

If the trustee of a Trust is not the original user of an account and the account is moved into the Trust by the settlor, or in another way, section 12 of RUFADAA establishes a procedure for the trustee to request disclosure of Digital Assets from the custodian

Unless the trustee gives the custodian

(1) a written request for disclosure in paper or electronic form;

(2) a certified copy of the Trust instrument or Certification of Trust that includes consent to the disclosure of the content of the digital asset to the trustee; and

(3) certification by the trustee, under penalty of perjury, a custodian shall disclose the digital asset information to the trustee unless ordered by the court, directed by the original user, or provided in the Trust. 

The trustee may also be asked to give identifying information or “evidence linking the account to the Trust” by the custodian.

Section 13 of the RUFADAA deals with the disclosure of non-content information (that is, the catalog of electronic communications). 

The trustee may make a request to the custodian under this section by submitting a request that is similar to the one described in section 12 above, except that the copy of the Trust instrument or certification of Trust does not have to include a reference to consent to the disclosure of the digital asset’s content. 

The mechanism through which a conservator may get limited information about the protected person’s Digital Assets is outlined in Section 14 of RUFADAA. The protected person preserves private rights in his or her personal correspondence, according to this provision. 

As a result, Digital Assets can only be accessed with a court order, not just because the conservator has broad jurisdiction to handle the protected person’s assets. The conservator may only obtain the inventory of the user’s Digital Assets, not the content-based information, unless the court orders otherwise. 

The conservator has the legal right to access this information by submitting a request for such information to the custodian in either paper or electronic format, together with a certified copy of the court’s order.

A conservator with broad jurisdiction over the protected person’s Digital Assets may also ask the custodian to suspend or terminate the protected person’s account for a good reason. 

Section 15 of the RUFADAA is a crucial section that defines the nature and scope of a fiduciary’s responsibilities as they pertain to Digital Assets. This section begins by reiterating that a fiduciary’s legal obligations to “manage tangible property” also extend to the administration of Digital Assets. 

These responsibilities include those of care, loyalty, secrecy, and may include some more. In addition, section 15 states that the fiduciary’s authority over a digital asset is subject to any applicable TOSA unless it is supplanted by the user’s direction in an online tool or applicable documents expressing lawful consent (which is section 4 of RUFADAA); (2) is subject to applicable law, including copyright law; (3) is limited by the scope of the fiduciary’s duties; and (4) is not to be used to “impersonate the user.” 

Section 15 affirms that the fiduciary has unfettered access to Digital Assets that are not held by a custodian or subject to a TOSA (for example, digital data saved on a decedent’s own computer). 

A fiduciary working within the limits of the fiduciary’s obligations is an authorized user of the property of a deceased, protected person, principal, or settlor for the purposes of state laws pertaining to computer fraud or unauthorized computer access. 

A fiduciary having power over a decedent’s protected person’s, principal’s, or settlor’s tangible personal property has the right to access that property and any Digital Assets held on it. Section 15 of the Act states that:

(1) a custodian may disclose to fiduciary information in an account that is required in order to close such an account; and

(2) a fiduciary may terminate the user’s account by submitting a written request to the custodian, along with enumerated documentation to verify the fiduciary’s authority and a death certificate, if the user is deceased. 

Section 16 of RUFADAA states that a custodian must comply with a fiduciary’s request for disclosure within 60 days of receiving it, together with all other information needed by RUFADAA.

 If the custodian refuses to comply, the fiduciary may seek a court order requiring compliance, but any such order must also state that “compliance is not in violation of 18 U.S.C. section 2702.” Section 16 empowers the custodian to notify the original user of a fiduciary’s disclosure request. 

Section 16 further states that the custodian may decline a fiduciary’s disclosure request if “the custodian is aware of any lawful access to the account following the receipt of the fiduciary’s request” under RUFADAA.

Furthermore, section 16 does not limit or require a fiduciary to obtain a court order that specifies that

(1) the account belongs to a protected person or principal under a power of attorney;

(2) “specifies that there is sufficient consent from the [protected person] or [principal] to support the requested disclosure”; and

(3) “contains a finding required by law other than [RUFADAA].” 

Finally, a custodian (together with its officers, employees, and agents) is “immune from liability for an act or omission done in good faith in compliance” with RUFADAA, according to section 16. 

The comments to RUFADAA go on to describe the “immunity” granted by this clause, stating that it protects custodians from “indirect” responsibility (for example, if a custodian grants access under the act). 

This exemption, however, would not apply to “direct” culpability, such as a custodian’s failure to comply with a court order under RUFADAA. RUFADAA has various administrative measures, including a uniformity clause, in sections 17 through 21.

RUFADAA Applicability by State

To learn about the applicability by State, you can visit our State-specific blogs.


The information age has radically altered many facets of our life during the last several decades. As a result of these developments, there have been heated discussions over individual privacy and how civil and criminal laws should be applied. 

In a world where information critical to modern society is generated, distributed, and kept on the Internet, it is unavoidable that the traditional approach to estate planning must alter and adapt. This sociocultural progress is exemplified by RUFADAA. 

The act, on the other hand, is a poor answer to many of the problems that estate planners encounter. Attorneys and other professional advisers will have to struggle with how federal legislation, such as the SCA, affect both the interpretation of state statutes, such as RUFADAA, and the management of Digital Assets by fiduciaries in the future years. Courts, future state legislatures, and, eventually, Congress will all play a part in the growth of digital asset law.

Clocr provides RUFADAA compliant Digital Estate Solutions. Sign-up with Clocr today and get all the help you need in creating your Digital Estate Plan.