Sign In

Communications of the ACM

ACM News

The Afterlife Online

View as: Print Mobile App Share:

Protecting your digital identity at end of life should be a part of your estate planning.

Credit: Antonio Giovanni Pinna

Not only is it important to get your financial ducks in a row as you approach the end of your life, but experts say you must also protect your digital identity, even after you die. Failing to do so not only opens a person's account to hacking, but also potentially leaves money on the table in digital payment accounts.

"The risk of building a digital identity on any platform on the Internet is that the ownership of the posts, photos, and any other data you upload may not be exclusive to you, regardless of being the one who created them,'' notes David Clark, an attorney and partner at The Clark Law Office in Michigan. "In the event of death, your digital profile could end up being immortalized if no action is taken, and your content may be perpetually used for marketing. "

There are no laws regulating how companies must navigate their users' digital deaths, so the responsibility of informing these digital entities when someone dies falls to the users' relatives, Clark says.

The number of people with a digital footprint is staggering. In 2021, 75% of adults over 65 years old said they used the Internet, along with 96% of individuals aged 50 to 64.

Protecting your digital identity should be a part of your estate planning, says Mary Writz, vice president of ForgeRock, an identity and access management (IAM) software provider and a former ethical hacker (Writz left ForgeRock after being interviewed for this article).

The first thing to do is conduct an inventory of your critical accounts—including financial, healthcare, investments, email, and social media. Then you need to think about who you trust with the passwords for those accounts. If you use an online password manager, consider whether you want to print out your passwords and include them with your will, or give the passwords to a trusted family member or friend.

"People ask me what I do, and my background is in ethical hacking so I go old school—I print out or write out my passwords,'' says Writz. "My spouse knows the lay of the land."

Another consideration is that "email is the center of your digital identity,'' she says. "You can reset all your passwords with your email address … so that's the most important central account to think about." Some email providers offer the option of adding someone to your account to act on your behalf, and people should definitely utilize that feature, she says.

"Think of it as a digital power of attorney," Writz says. Because there is no legislation requiring tech providers to help people gain access to the accounts of someone who has passed away, there is no incentive for them to make it easy to do so, she observes. Many do not even list a phone number to call if you have trouble logging into an account, she adds.

Leaving social media sites open is a double-edged sword. On the one hand, it is useful for notifying people in your network of someone's passing and allowing them to comment. On the other hand, "It can be particularly heartbreaking if someone is posting comments on an account that are trolling and hard to tolerate,'' she says.

On the other hand, social media profiles that are left open also can lead to hacking and someone stealing the identity of a deceased person to apply for a credit card, or even a job.

"In this digital world where so much of our lives is online, we want to have more control over [our profiles], particularly if a loved one has passed away and they didn't do a lot of planning,'' Writz says.

If a user doesn't have a predetermined digital death plan, relatives can contact the platform (and hopefully get a response) and inform them about the user's death, Clark says. "Since the life of someone else's account will be on the line, it will be lawful for them to require proof of death such as a death certificate."

Like Writz, he says "going old school is recommended. Moreover, just as you would organize all your important documents such as insurance, banking statements, and wills, to be entrusted to your loved ones, be sure to include a list of access details to your digital accounts. Most importantly, you must utilize the account legacy features and options offered by some digital platforms."

For example, Gmail's inactive account manager page and Facebook's legacy contact option allow you to establish what happens to your account and digital data in the event of a death, Clark says. "Once you've got all these locked down, it will be up to your friends and relatives to ensure these platforms will come through and your digital accounts will be deactivated."

Emma McGowan, an online privacy expert and senior writer for Avast, an online global privacy and security company, recommends that older adults store digital identity documents in a digital identity wallet on a mobile device so the information is all in one place. Digital wallets contain digital versions of credit and debit cards; examples include Apple Pay, Samsung Pay, and Google Pay. To help protect a person's security, card numbers and personal information are not stored, she says.

McGowan also recommends using a password manager, a secure vault where you can store every single password. "All you have to remember is one master password to gain access to any login information that you need,'' she says. "They'll also generate random passwords for you, either as a combination of letters and numbers or as unrelated words."

When it comes to cleaning up your digital footprint, McGowan notes that "While some things can never be fully scrubbed from the Web, most places that host your personal information can be adjusted."

Protecting your digital identity is something everyone should take the time to do, she stresses. "Keeping your data trail clean isn't only about your reputation – the junk you allow your devices to collect puts your internet privacy and security at risk."

Steps toward a cleaner digital footprint include searching for your name online, clearing your browser history, scrubbing your personal data and other personal information that you find is public, auditing your old accounts, and adjusting your privacy settings in your browser and mobile apps, McGowan says.


Esther Shein is a freelance technology and business writer based in the Boston area.


No entries found