The Lawyers Weekly - September 7, 2012

Digital legacy is a minefield of financial and legal risks

JERRARD GAERTNER

awyers, accountants and other professionals who provide financial planning advice to clients, manage or administer client assets (including as testamentary or bankruptcy trustees), offer elder care services or deal with third-party property as powers of attorney are often unaware of the challenges and risks associated with digital assets and liabilities in these various circumstances.

Some challenges include identifying and valuing these assets and liabilities; developing a plan for their management and eventual disposition; obtaining and securing custody (sometimes including computer hardware); and performing professional duties with appropriate due diligence and in accordance with accepted standards and practices for digital legacy matters.

However, there are many risks, such as: n;Heightened fraud based on computer security and social media attack vectors and incidence of post-mortem identity theft;

n;Operational risk arising from failure to obtain client passwords and the resultant need for ‘cracking expertise’ and digital forensic examination; n Financial loss or asset impairment based on the improper or ineffective management of digital assets; n;Litigation, regulatory and financial risk resulting from failure to adequately address disclosure, litigation, taxation and compliance matters related to the client’s digital legacy; n Business risk arising from failure to meet client expectations or achieve satisfactory overall administration results; and n;Professional risk arising from failure to act in accordance with relevant standards and best practices.

While, in principle, the form in which an asset or liability exists should be a minor consideration, in practice, digital assets and liabilities tend to be much more difficult to deal with than their tangible counterparts.

L

credit bureaus and shutting off online access to bank accounts) and, if necessary, creating forensically sound copies of critical records and implementing logging to evidence exactly what has transpired in the administration of the digital legacy.

Forensic considerations

WARENEM Y / DREAMSTIME.COM

Some basics

‘Digital legacy’ is generally defined to
include the client or testator’s digital
assets, digital liabilities, electronic docu-
ments and records, social media profiles,
web traces, including writings and blogs,
and ‘digital persona,’ including aliases and
avatars. Assets consist of physically con-
trollable digital assets (PCDA) and con-
trolled access digital assets (CADA), the
former stored on hardware to which the
owner (professional) has direct access, the
latter stored on third-party or cloud infra-
structure generally accessible only through
the use of passwords and the Internet.

n;Statutory and legal records in electronic form (contracts, business and tax records, personal and historical documents).

Digital liabilities reside either locally or
remotely and include:
The professional advisor’s involvement
with digital legacy matters often begins as
part of the estate planning process or when
addressing tax matters. However, the most
difficult fraud and forensic issues generally
arise post mortem or once the professional
assumes responsibility and/or custody of
the digital assets or carriage of the testa-
mentary, bankruptcy or other estate.

Fraud risk

In addition to any forensic accounting needed to identify, locate and address digital assets and liabilities, a digital forensic examination may also be required. These examinations are generally conducted when: n;A legally admissible reference copy of digital evidence is needed. n;Digital legacy data is complex, voluminous or has been obfuscated. n;The content of client or testator hard drives is unknown. n;Data has been password-protected, but passwords are lost or unknown. n;Client or testator created internet aliases or avatars whose transactions must now be reconstructed and consolidated. n;Litigation or statutory matters require a complete catalogue of digital legacy information (i.e. for e-discovery or taxation purposes). n Activities of various computer/account users must be analyzed to determine who did what and when. n A material asset or liability is believed to exist on the web, but not in paper-based format (i.e. credit balance at PayPal or Poker.com, intellectual property resident in the cloud, fund transfers that were not conducted through a financial institution or mediated by SWIFT). n;Personal, medical and social media digital legacy data may impose specific obligations on the data custodian under PIPEDA.

Lawyers, accountants, forensic and digital legacy specialists often work as a team on forensic engagements of this type, since the work requires knowledge of trust law, IT law, legal privilege, injunctions, Anton Pillar orders, investigation, accounting, computer security, digital forensics and social media techniques and technologies.

Fraud risk arises in digital legacy matters principally through computer security, access and privacy violations and data exfiltration, each of which can provide the perpetrator with the raw material for identity theft, document forgery, personation, obtaining credit under false pretenses, making a false claim, as well as extortion, theft, conversion and filing a false tax return. Poorly managed post mortem social media activity can also increase fraud risk, with perpetrators able to identify multiple potential “targets” using powerful search and correlation tools.

Fraud risk associated with PCDA and CADA is similar in type, but not necessarily in magnitude. The higher risk ( unfortunately) is sometimes associated with computers in the physical possession of legal or financial professionals who fail to take even rudimentary security precautions.

Managing digital legacy fraud risk requires an understanding of the digital legacy technical ecosystem, imposition of reasonable security and access controls over client/testator data (wherever located), implementing common sense preventive and detective controls (such as monitoring

In summary

ASSISTANT DEAN, RECRUITMENT AND ADMISSIONS The Faculty of Law at Western University is seeking a dynamic, student-oriented professional for the position of Assistant Dean, Recruitment and Admissions. Reporting to the Associate Dean (Academic) and the Dean of Law, the Assistant Dean, Recruitment and Admissions will serve as the senior admissions officer for the law school.

The digital component of a client or testator’s life represents an emerging challenge to legal and accounting professionals and one that will surely grow. Evolving standards and best practices continually refine what constitutes due diligence for the professional.

Fraud risk, financial risk and professional risk are often elevated in digital legacy matters and must be carefully considered by lawyers, accountants and other professionals currently involved or considering entering this field. Advance planning for digital legacy matters is strongly encouraged to ensure that the ultimate administration unfolds in a predictable and effective manner.

Qualifications: LL.B. or J.D. degree with a minimum of two years experience in the practice of law, in a legally-related position, or in law school recruitment and admissions; human resource management and recruiting experience preferred; superior written and oral communication skills; strong interpersonal and organizational skills.

Jerrard Gaertner, CA-CISA/IT, CGEIT, CISSP, CIPP/IT, CFI, CIA, I.S.P., ITCP, is director, technology assurance services at Soberman LLP. He is president of the Canadian Information Processing Society—Ontario, and can be reached by email at jgaertner@soberman.com.

Applicants should send a letter of application and curriculum vitae, to Associate Dean (Administration) Craig Brown, Faculty of Law, Western University, London, Ontario, N6A 3K7.