Digital legacy is a minefield of financial and legal risks
awyers, accountants and other professionals who provide financial planning
advice to clients, manage or administer
client assets (including as testamentary or
bankruptcy trustees), offer elder care services or deal with third-party property as
powers of attorney are often unaware of
the challenges and risks associated with
digital assets and liabilities in these various circumstances.
Some challenges include identifying and
valuing these assets and liabilities;
developing a plan for their management and
eventual disposition; obtaining and securing
custody (sometimes including computer
hardware); and performing professional
duties with appropriate due diligence and in
accordance with accepted standards and
practices for digital legacy matters.
However, there are many risks, such as:
n;Heightened fraud based on computer
security and social media attack vectors and
incidence of post-mortem identity theft;
n;Operational risk arising from failure to
obtain client passwords and the resultant
need for ‘cracking expertise’ and digital
n Financial loss or asset impairment
based on the improper or ineffective management of digital assets;
n;Litigation, regulatory and financial risk
resulting from failure to adequately
address disclosure, litigation, taxation and
compliance matters related to the client’s
n Business risk arising from failure to
meet client expectations or achieve satisfactory overall administration results; and
n;Professional risk arising from failure to
act in accordance with relevant standards
and best practices.
While, in principle, the form in which an
asset or liability exists should be a minor
consideration, in practice, digital assets and
liabilities tend to be much more difficult to
deal with than their tangible counterparts.
credit bureaus and shutting off online
access to bank accounts) and, if necessary,
creating forensically sound copies of critical
records and implementing logging to evidence exactly what has transpired in the
administration of the digital legacy.
WARENEM Y / DREAMSTIME.COM
‘Digital legacy’ is generally defined to
include the client or testator’s digital
assets, digital liabilities, electronic docu-
ments and records, social media profiles,
web traces, including writings and blogs,
and ‘digital persona,’ including aliases and
avatars. Assets consist of physically con-
trollable digital assets (PCDA) and con-
trolled access digital assets (CADA), the
former stored on hardware to which the
owner (professional) has direct access, the
latter stored on third-party or cloud infra-
structure generally accessible only through
the use of passwords and the Internet.
n;Statutory and legal records in electronic
form (contracts, business and tax records,
personal and historical documents).
Digital liabilities reside either locally or
remotely and include:
The professional advisor’s involvement
with digital legacy matters often begins as
part of the estate planning process or when
addressing tax matters. However, the most
difficult fraud and forensic issues generally
arise post mortem or once the professional
assumes responsibility and/or custody of
the digital assets or carriage of the testa-
mentary, bankruptcy or other estate.
In addition to any forensic accounting
needed to identify, locate and address digital
assets and liabilities, a digital forensic examination may also be required. These examinations are generally conducted when:
n;A legally admissible reference copy of
digital evidence is needed.
n;Digital legacy data is complex, voluminous or has been obfuscated.
n;The content of client or testator hard
drives is unknown.
n;Data has been password-protected, but
passwords are lost or unknown.
n;Client or testator created internet aliases
or avatars whose transactions must now be
reconstructed and consolidated.
n;Litigation or statutory matters require
a complete catalogue of digital legacy
information (i.e. for e-discovery or taxation purposes).
n Activities of various computer/account
users must be analyzed to determine who
did what and when.
n A material asset or liability is believed to
exist on the web, but not in paper-based
format (i.e. credit balance at PayPal or
Poker.com, intellectual property resident
in the cloud, fund transfers that were not
conducted through a financial institution
or mediated by SWIFT).
n;Personal, medical and social media digital
legacy data may impose specific obligations
on the data custodian under PIPEDA.
Lawyers, accountants, forensic and digital
legacy specialists often work as a team on
forensic engagements of this type, since the
work requires knowledge of trust law, IT
law, legal privilege, injunctions, Anton Pillar orders, investigation, accounting, computer security, digital forensics and social
media techniques and technologies.
Fraud risk arises in digital legacy matters
principally through computer security,
access and privacy violations and data
exfiltration, each of which can provide the
perpetrator with the raw material for identity theft, document forgery, personation,
obtaining credit under false pretenses,
making a false claim, as well as extortion,
theft, conversion and filing a false tax
return. Poorly managed post mortem
social media activity can also increase
fraud risk, with perpetrators able to identify multiple potential “targets” using
powerful search and correlation tools.
Fraud risk associated with PCDA and
CADA is similar in type, but not necessarily in magnitude. The higher risk (
unfortunately) is sometimes associated with computers in the physical possession of legal or
financial professionals who fail to take
even rudimentary security precautions.
Managing digital legacy fraud risk
requires an understanding of the digital
legacy technical ecosystem, imposition of
reasonable security and access controls
over client/testator data (wherever located),
implementing common sense preventive
and detective controls (such as monitoring
ASSISTANT DEAN, RECRUITMENT AND ADMISSIONS
The Faculty of Law at Western University is seeking a dynamic, student-oriented professional for the position of Assistant Dean, Recruitment and
Admissions. Reporting to the Associate Dean (Academic) and the Dean
of Law, the Assistant Dean, Recruitment and Admissions will serve as the
senior admissions officer for the law school.
The digital component of a client or testator’s life represents an emerging challenge to
legal and accounting professionals and one
that will surely grow. Evolving standards and
best practices continually refine what constitutes due diligence for the professional.
Fraud risk, financial risk and professional
risk are often elevated in digital legacy matters and must be carefully considered by
lawyers, accountants and other professionals
currently involved or considering entering
this field. Advance planning for digital legacy matters is strongly encouraged to ensure
that the ultimate administration unfolds in a
predictable and effective manner.
Qualifications: LL.B. or J.D. degree with a minimum of two years experience
in the practice of law, in a legally-related position, or in law school
recruitment and admissions; human resource management and recruiting
experience preferred; superior written and oral communication skills; strong
interpersonal and organizational skills.
Jerrard Gaertner, CA-CISA/IT, CGEIT, CISSP,
CIPP/IT, CFI, CIA, I.S.P., ITCP, is director, technology assurance services at Soberman LLP. He
is president of the Canadian Information Processing Society—Ontario, and can be reached
by email at email@example.com.
Applicants should send a letter of application and curriculum vitae, to
Associate Dean (Administration) Craig Brown, Faculty of Law, Western
University, London, Ontario, N6A 3K7.
We want to hear from you!
Send us your verdict: