No one expects a young man in his 30s to suddenly die. Yet, in December 2018, a particular young man in his 30s, named Gerald Cotton, did exactly that. In the process of not foreseeing his untimely passing, Cotton failed to leave any method of accessing his online accounts.
Now, this would have been frustrating and complicated for his next of kin (in this case, his widow) under any normal circumstances because death is upsetting and emotionally trying, and having to sort through a deceased person’s personal data is difficult enough. But Gerald Cotton wasn’t an ordinary person. He was the CEO of Quadriga CX, a cryptocurrency exchange in Canada that was holding some $190 million in digital assets. Now, those assets cannot be accessed because Cotton didn’t leave his passwords to his surviving spouse or any family members, and none of the companies hired to break into his online accounts have been able to crack the code.
Gerald Cotton provides an extraordinary example of how our online presence can affect our lives offline—even after we die. Some 20% of cryptocurrency is unclaimed because users – living ones – forgot or lost their passwords. When a person dies, their passwords and account access dies with them. This can include financial data, social media accounts, access to bank accounts and financial statements, and anything else that may be stored online.
Around the world, individuals have fallen into financial ruin and small businesses have been forced to shut their doors because someone with important data passed on without passing their data to family members, roommates, or business partners. Passing on data when you die has become an important part of making a will and preparing for the end of your life—whether you are expecting to die or not. Accidents and unexpected circumstances don’t need to ruin your whole family, your business, or your investments.
Data security isn’t just about keeping hackers out. Part of data security is ensuring that your data can be accessed by the people who need to access it—especially if you are not available to let them in. Death doesn’t need to be the urgency in this case; if you are ever incapacitated, for instance, your family still needs to pay the bills or may need to access your insurance, and your business could suffer from your absence. Ensuring that someone has access to your online accounts is simply a common-sense step in any business continuity plan as well as in ensuring your loved ones’ financial solvency in case of the unexpected.
Furthermore, many online services have strict parameters for obtaining access to a loved one’s data. Usually only immediate family or someone with a power of attorney can access it, and only after they submit legal documentation of their identity and a death certificate for the account holder. Even these are not always effective; Apple ID is notoriously secure to the point that users have lost their own passwords and been locked out of their devices. There are some state laws that address obtaining a deceased loved one’s data set, but these mostly apply to social media.
To make sure your family, business partners, and other beneficiaries can access your online assets, there are a few steps you can take.
Securing your digital assets in the event of your incapacitation or death is a grim task, but the case of Gerald Cotton shows how important it is. Not everyone has $190 million in assets they are charged with protecting, but it can be just as catastrophic to your family or business to lose access to your online accounts. Take precautions now, before it’s too late.