Digital Inheritance and Data Privacy Post-Mortem

What happens to your data when you die?

78% of millennials do not have a will. Products and social media companies require extensive documentation before fulfilling deletion requests, and while there are plenty of digital inheritance and legacy planning services, adoption rates seem to be low among millennial audiences. Without leaving instructions on how you’d like your social profiles handled, your data could remain floating in the void after you die.

Research Questions

  • Why and how do users engage with the deceased on social media?

  • What kind of digital assets should remain private for the deceased?

  • How is technology changing the way individuals are executing the wishes of the recently deceased?

  • What kind of steps are users taking to protect or erase their “digital legacy”?

User Interviews

Even post-mortem there’s things about your image, not that it matters at that point, but still there is something about the image I project to my parents I want to maintain.
I’m active on Twitter for example, I’d like to think if I died tomorrow that’s just where the story ended. I find that there is some beauty in that.
If I wanted them to see, I’d post it. I have a lot of conversations on [Facebook]. For me those are my personal, intimate memories.
Do I need to write a living will?!...I am more scared of people seeking closure [by reading my messages] to feel like they knew me completely. I don’t know if they’ll be happy with what they find. It is scary because the deceased has no say.

I conducted four user interviews and asked questions relating to the person’s use of social media websites, the experience of losing a loved one, and the person’s own digital legacy and post-mortem privacy.

Based on user interviews, I found there is a need for a product or service that ensures certain assets are shared with loved ones and family members while other accounts or data are deleted, should the unexpected occur or the individual become incapacitated. I considered this scenario further by creating a persona and storyboard.

Persona

I built out a persona that merged my user interviews into one tech-loving millennial: Blair St. James. She’s an avid user of social media, backs up all her data in more than one location for safekeeping, and is also concerned about keeping her personal files and messages private.

Storyboard

After exploring my persona, I considered a scenario in which a young woman dies and her mother learns private information about her posthumously. What impact does sensitive information have on our relationships with loved ones? What information should remain private, even after death?

Problem Statement

The user needs a solution for maintaining agency over personal digital assets, including who accesses their digital files posthumously, and how these assets are being disseminated and/or deleted.

But how could I get young people to use end-of-life planning tools? I decided to give them a tool that is useful while they’re alive!


Proposal: Password Manager with Digital Inheritance Features

Password managers allow users to manage multiple accounts within one interface. Password managers often host important documents and identification and allow for sharing of passwords for joint accounts, such as utilities or media streaming services. And like digital estate planning tools, some products offer the opportunity to share account credentials with trusted contacts, but this requires disclosing your personal passwords.

Delete. Preserve. Transfer.

This product will include the standard features for managing passwords for active accounts. Its unique digital inheritance features set it apart from competitors and allow users to set preferences for how their accounts will be managed posthumously. This product will allow the user to delegate access by account, assign the actions a trusted contact can take on the user’s behalf, or let a trusted contact take full ownership of the user’s account.

In the event of an emergency, the trusted contact would request access to the account and could then trigger a script that fires and executes the user’s commands, similar to a script that logs out a user of all active sessions. This prevents a user from having to disclose login credentials in order to have their personal accounts deleted.

Target Audience

Millennials and young professionals aged 18-36 who are in good health

User Goals

  • Manage passwords for existing accounts.

  • Select and manage the specific accounts that will be shared posthumously with friends and family.

  • Disable or purge the data and content that should not be shared.

Competitive Analysis

I conducted market research to assess competitors and identify gaps in features.

AfterVault and SafeBeyond are two estate planning tools that offer password storage. Keeper and LastPass are two password managers with digital inheritance tools.

The estate planning products require you to pay indefinitely for a service you won’t really use until you are dead; the password managers require you to pay annually for a service you can use day to day but offer limited digital legacy settings. All of these solutions require you to disclose your password.

Competitive analysis between estate planning tools and other password managers shows a gap in features.

MoSCoW - Must, Should, Could, Won’t

During my research, I discovered that competitor products offer a variety of features beyond what is expected of a password manager. Many tools offer their users form completion, document storage, multi-factor authentication, password creation, a password strength report, and even alerts when an unusual login occurs in one of your accounts.

I used the MoSCoW method to organize and prioritize potential features of my password manager product and faced a pivot point where the password management features would prevent me from focusing on the real problem I had identified.

After considering how many password managers exist in the market, I decided to explore modifications to LastPass’s existing digital inheritance features.

Wire Frames

User Sharing and Emergency Access Screen

1. List of users who have share access

2. Icons: Edit settings or delete user

3. Add a new user to share assets with

User Sharing and Emergency Access Screen

1. Add Name and Email address of user you want to share assets with

2. Select which assets via drop-down checklist

3. Set user permissions: full access or account executor. Designate users as account executors in case of emergencies.

4. If user is an account executor, set the wait time between when they request access and when they receive access to executor actions.
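The executor flow described above, sketched as an added example (not code from this project or from any existing password manager; class and field names are hypothetical): the contact's request starts the owner-set wait time, and afterwards the vault authorizes only the Delete, Preserve or Transfer action the owner assigned to each delegated account, never returning a credential. Running the authorized action against the site is left to the script the proposal mentions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum

class LegacyAction(Enum):              # the page's "Delete. Preserve. Transfer."
    DELETE = "delete"
    PRESERVE = "preserve"
    TRANSFER = "transfer"

@dataclass
class Grant:                           # hypothetical record, one per account executor
    wait: timedelta                    # owner-set delay between request and access
    actions: dict[str, LegacyAction]   # account -> owner's legacy preference
    requested_at: datetime | None = None

class LegacyVault:
    def __init__(self) -> None:
        self.grants: dict[str, Grant] = {}
        self.audit: list[tuple[datetime, str, str, str]] = []

    def request_access(self, contact: str, now: datetime) -> datetime:
        """Start the wait period; returns the time executor actions unlock."""
        grant = self._grant(contact, "*", now)
        if grant.requested_at is None:     # a repeat request never moves the clock
            grant.requested_at = now
        self.audit.append((now, contact, "*", "requested"))
        return grant.requested_at + grant.wait

    def execute(self, contact: str, account: str, now: datetime) -> LegacyAction:
        """Authorize one account action. No credential is ever returned."""
        grant = self._grant(contact, account, now)
        if grant.requested_at is None:
            self._deny(now, contact, account, "no pending request")
        if now < grant.requested_at + grant.wait:
            self._deny(now, contact, account, "wait period not over")
        if account not in grant.actions:   # executor only sees delegated accounts
            self._deny(now, contact, account, "account not delegated")
        self.audit.append((now, contact, account, "allowed"))
        return grant.actions[account]

    def _grant(self, contact: str, account: str, now: datetime) -> Grant:
        if contact not in self.grants:
            self._deny(now, contact, account, "unknown contact")
        return self.grants[contact]

    def _deny(self, now: datetime, contact: str, account: str, reason: str) -> None:
        self.audit.append((now, contact, account, "denied: " + reason))
        raise PermissionError(reason)
```

Every allowed and denied attempt lands in `audit`, which gives the owner a record of requests made during the wait period.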

Digital Legacy Settings Screen

1. From the Vault, user clicks on site account to edit. Overlay pop up box for configuration of account management

2. Drop down list to share account information with another user

3. Digital Legacy Settings: Users can designate accounts for deletion, preservation, or transfer of ownership to another user.

4. Favorite account or Delete account.

Emergency Contact Executor Screen

1. Accounts stored in Vault appear in boxes

2. Actionable icon appears in lower corner that represents user’s legacy preference

3. Each account has its own actionable icon.

4. Popup screen confirming account memorialization.

Emergency Contact Executor Screen - Confirmation Popup

Usability Testing

User Testing, Lo-fi Prototype

  • Navigation titles are unclear.

  • No visual indication for entering Emergency Access Mode.

  • Sensitivity to Iconography: the trashcan, which is synonymous with “delete”, triggers negative feelings for the legacy contact, as if they are “deleting” their loved one.

  • Confusion about what action each icon (trash can, candle) represents.

User Testing, Hi-fi Prototype

  • List of accounts in “tile view” is not ideal

  • Huge branding of account was disliked

  • Unable to differentiate between your account and shared accounts

  • Difficult for testers to know that this is what their friends want - how do you help the emergency contact feel like they are executing their friend’s wishes?

  • Testers thought it was important to see what accounts would be affected, but in some situations the user might not want their account to even be known

Hi-fidelity mockup

Biggest takeaway: How do you make the emergency contact comfortable with the finality of this responsibility?

Refined Prototype

I realized after these two sessions that the emergency contact was finding it difficult to act on behalf of their friend. They did not want to delete the account of their friend, despite the fact that it was that person’s final wish.

I focused on refining the language about the digital legacy features and the role of digital heir in order to be more sensitive to the emotions the heir may be feeling in this situation.

Feature Prioritization

Now

  • Permissions based on person and account

  • Set preferences for how account will be handled posthumously

Next

  • Onboarding for users

  • Adjustments to vault layout

  • Message from user to Digital Heir

Later

  • Automated “dead man’s switch” — no emergency contact needed

  • Digital Heir is not required to have account


Potential Limitations and Future Considerations

This idea is designed to assist the user during life and death. By providing a service that is usable and helpful on a daily basis, I hope to raise awareness of digital legacy issues and encourage millennials to take preventative steps to ensure their private data remains private.

  • Technical development would be required to fire a script that executes an account deletion.

  • First iteration still requires emergency contacts to have a password manager account. Developing a method to grant emergency access could impact the “zero-knowledge” capabilities that prevent records of personal data from being kept on the product’s servers.

  • If this process can be automated with scripts, does the user even need a digital heir? Someone would still need to notify the password manager that the user is deceased in order to execute the person’s wishes, unless there was also a “dead man’s switch” option.

  • Not all social accounts offer a memorialization option like Facebook; this could limit the user with preservation options beyond deletion.